GSP
Quick Navigator
Search Site

Unix VPS
A - Starter
B - Basic
C - Preferred
D - Commercial
MPS - Dedicated
Previous VPSs
* Sign Up! *

Support
Contact Us
Online Help
Handbooks
Domain Status
Man Pages

FAQ
Virtual Servers
Pricing
Billing
Technical

Network
Facilities
Connectivity
Topology Map

Miscellaneous
Server Agreement
Year 2038
Credits
 

USA Flag

 

 

Man Pages
CERTCTL(8) FreeBSD System Manager's Manual CERTCTL(8)

certctltool for managing trusted and untrusted TLS certificates

certctl [-v] list

certctl [-v] untrusted

certctl [-nUv] [-D destdir] [-M metalog] rehash

certctl [-nv] untrust file

certctl [-nv] trust file

The certctl utility manages the list of TLS Certificate Authorities that are trusted by applications that use OpenSSL.

Flags:

destdir
Specify the DESTDIR (overriding values from the environment).
distbase
Specify the DISTBASE (overriding values from the environment).
metalog
Specify the path of the METALOG file (default: $DESTDIR/METALOG).
No-Op mode, do not actually perform any actions.
Be verbose, print details about actions before performing them.
Unprivileged mode, do not change the ownership of created links. Do record the ownership in the METALOG file.

Primary command functions:

List all currently trusted certificate authorities.
List all currently untrusted certificates.
Rebuild the list of trusted certificate authorities by scanning all directories in TRUSTPATH and all untrusted certificates in UNTRUSTPATH. A symbolic link to each trusted certificate is placed in CERTDESTDIR and each untrusted certificate in UNTRUSTDESTDIR.
Add the specified file to the untrusted list.
Remove the specified file from the untrusted list.

Alternate destination directory to operate on.
Additional path component to include when operating on certificate directories.
List of paths to search for trusted certificates. Default: <DESTDIR><DISTBASE>/usr/share/certs/trusted <DESTDIR><DISTBASE>/usr/local/share/certs <DESTDIR><DISTBASE>/usr/local/etc/ssl/certs
List of paths to search for untrusted certificates. Default: <DESTDIR><DISTBASE>/usr/share/certs/untrusted <DESTDIR><DISTBASE>/usr/local/etc/ssl/untrusted <DESTDIR><DISTBASE>/usr/local/etc/ssl/blacklisted
Destination directory for symbolic links to trusted certificates. Default: <DESTDIR><DISTBASE>/etc/ssl/certs
Destination directory for symbolic links to untrusted certificates. Default: <DESTDIR><DISTBASE>/etc/ssl/untrusted
List of file extensions to read as certificate files. Default: *.pem *.crt *.cer *.crl *.0

openssl(1)

certctl first appeared in FreeBSD 12.2

Allan Jude <allanjude@freebsd.org>

July 13, 2022 FreeBSD 14.3-RELEASE
Search for    or go to Top of page |  Section 8 |  Main Index

Powered by GSP Visit the GSP FreeBSD Man Page Interface.
Output converted with ManDoc.