Skip to content
This repository

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
tree: 69f62669a8
Fetching contributors…

Octocat-spinner-32-eaf2f5

Cannot retrieve contributors at this time

file 178 lines (172 sloc) 6.795 kb
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177
.\"
.\" mozroots man page
.\" (C) 2005 Novell, Inc.
.\" Authors:
.\" Miguel de Icaza (miguel@gnu.org)
.\" Sebastien Pouliot <sebastien@ximian.com>
.\"
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.TH Mono "MozRoots"
.SH NAME
mozroots \- Download and import trusted root certificates from Mozilla's LXR into Mono's certificate store
.SH SYNOPSIS
.PP
.B mozroots [--import [--machine] [--sync | --ask | --ask-add | --ask-remove]]
.SH DESCRIPTION
This program downloads the trusted root certificates from the Mozilla
LXR web site into the Mono certificate store.
.PP
Mono by default does not ship with any default certificates and allows
the user to pick its trusted certificates. The mozroots command will
bring the Mozilla certificates into your local machine.
.SH OPTIONS
.TP
.I "--import"
Import the certificates into the trust store.
.TP
.I "--sync"
Synchronize (add/remove) the trust store with the certificates.
Synchronize is useful for new Mono installations (no roots) and for
automated updates (no user confirmation for addition or removal).
.TP
.I "--ask"
Always confirm before adding or removing trusted certificates.
.B Note:
The initial import will likely add about 100 new trusted root
certificates into your store. You'll have to answer
.B yes
to every one of them if this option is specified.
.TP
.I "--ask-add"
Always confirm before adding a new trusted certificate.
.B Note:
The initial import will likely add about 100 new trusted root
certificates into your store. You'll have to answer
.B yes
to every one of them if this option is specified.
.TP
.I "--ask-remove"
Always confirm before removing an existing trusted certificate.
.SH ADVANCED OPTIONS
.TP
.I "--url url"
Specify an alternative URL for downloading the trusted certificates
(LXR source format). This should only be useful for testing or if
the Mozilla's LXR web site address is changed. It can also be used
to cache a local copy of the LXR file into your local intranet.
.TP
.I "--file name"
Do not download from LXR but use the specified file. This is useful
if many computers have to download the same file from the Internet.
This way you can keep a local copy on a file server (and minimize
network traffic).
.TP
.I "--pkcs7 name"
Export the certificates into a PKCS#7 file. This is useful for
debugging purpose or for re-importing the same list into other
software.
.TP
.I "--machine"
Import the certificate in the machine trust store. The default is to
import all trusted root certificates into the current user store.
.TP
.I "--quiet"
Limit console output to errors and confirmations messages. This is
useful when scripting.
.SH EXAMPLES
.PP
After the initial Mono installation you'll have no trusted roots
certificates pre-installed.
Neither will you have some root test certificates installed (your own
or the ones provided by using
.B setreg
). In this case the simplest thing to do, if you want to trust all
those certificates, is to import and synchronize.
.nf
$ mozroots --import --sync
Mozilla Roots Importer - version 1.1.9.0
Download and import trusted root certificates from Mozilla's LXR.
Copyright 2002, 2003 Motus Technologies. Copyright 2004-2005 Novell. BSD licensed.
 
Downloading from 'http://lxr.mozilla.org/seamonkey/source/security/nss/lib/ckfw/builtins/certdata.txt'...
Importing certificates into user store...
93 new root certificates were added to your trust store.
Import process completed.
.fi
.PP
If you created some test certificates (e.g. for using SSL/TLS with XSP)
and/or if your enterprise requires some additional root certificates
(e.g. intranet) then you may want to skip the removal part of the
process. You can do this by asking for a removal confirmation
(--ask-remove option) and answer no when prompted.
.nf
$ mozroots --import --ask-remove
Mozilla Roots Importer - version 1.1.9.0
Download and import trusted root certificates from Mozilla's LXR.
Copyright 2002, 2003 Motus Technologies. Copyright 2004-2005 Novell. BSD licensed.
 
Downloading from 'http://lxr.mozilla.org/seamonkey/source/security/nss/lib/ckfw/builtins/certdata.txt'...
Importing certificates into user store...
93 new root certificates were added to your trust store.
2 previously trusted certificates were not part of the update.

Issuer: CN=Mono Test Root Agency
Serial number: 69-B0-E1-4F-88-6E-C7-85-48-0E-74-91-38-76-F4-28
Valid from 9/1/2003 11:55:48 AM to 12/31/2039 1:59:59 PM
Thumbprint SHA-1: EF-26-C2-28-11-3F-79-ED-9D-EC-3F-3B-D5-7A-26-F2-7C-9F-FA-63
Thumbprint MD5: AE-19-3E-64-36-21-F2-A4-8B-69-38-CA-64-4B-2E-62
Are you sure you want to remove this certificate ? no
.PP
You can still use the synchronize option (--sync) if you have activated
the default test roots certificate on your system. They will be removed
at the end of the synchronization process but you can quickly add them
back with the
.B setreg
tool.
.nf
$ setreg 1 true
.fi
.PP
Another option to ease updates is to synchronize your machine trust store
(using the --machine option) and keep your customized (test) certificates
in your personal store (or vice versa). Note that every user on this
computer will be trusting all the newly imported certificates.
.nf
$ mozroots --import --machine --sync
Mozilla Roots Importer - version 1.1.9.0
Download and import trusted root certificates from Mozilla's LXR.
Copyright 2002, 2003 Motus Technologies. Copyright 2004-2005 Novell. BSD licensed.
 
Downloading from 'http://lxr.mozilla.org/seamonkey/source/security/nss/lib/ckfw/builtins/certdata.txt'...
Importing certificates into user store...
94 new root certificates were added to your trust store.
Import process completed.
.fi
.PP
Once the initial import is complete the number of changes (additions or
removals) is generally very low. In this case it makes sense to know
about any changes (i.e. ask for confirmation). No confirmation will be
required if no changes are made to your trust store.
.nf
$ mozroots --import --ask
Mozilla Roots Importer - version 1.1.9.0
Download and import trusted root certificates from Mozilla's LXR.
Copyright 2002, 2003 Motus Technologies. Copyright 2004-2005 Novell. BSD licensed.
 
Downloading from 'http://lxr.mozilla.org/seamonkey/source/security/nss/lib/ckfw/builtins/certdata.txt'...
Importing certificates into user store...
Import process completed.
.fi
.SH FILES
.PP
~/.config/.mono/certs, /usr/share/.mono/certs
.PP
Contains Mono certificate stores for users / machine. See the certmgr(1)
manual page for more information on managing certificate stores.
.SH COPYRIGHT
Copyright (C) 2005 Novell.
.SH MAILING LISTS
Mailing lists are listed at the
http://www.mono-project.com/Mailing_Lists
.SH WEB SITE
http://www.mono-project.com
.SH SEE ALSO
.BR mono(1), certmgr(1). setreg(1)
Something went wrong with that request. Please try again.