NAME

certctl —

tool for managing trusted and blacklist TLS certificates

SYNOPSIS

certctl [-v] list

certctl [-v] blacklisted

certctl [-nUv] [-D destdir] [-M metalog] rehash

certctl [-nv] blacklist file

certctl [-nv] unblacklist file

The certctl utility manages the list of TLS Certificate Authorities that are trusted by applications that use OpenSSL.

Flags:

-D destdir: Specify the DESTDIR (overriding values from the environment).
-M metalog: Specify the path of the METALOG file (default: $DESTDIR/METALOG).
-n: No-Op mode, do not actually perform any actions.
-v: Be verbose, print details about actions before performing them.
-U: Unprivileged mode, do not change the ownership of created links. Do record the ownership in the METALOG file.

Primary command functions:

list: List all currently trusted certificate authorities.
blacklisted: List all currently blacklisted certificates.
rehash: Rebuild the list of trusted certificate authorities by scanning all directories in TRUSTPATH and all blacklisted certificates in BLACKLISTPATH. A symbolic link to each trusted certificate is placed in CERTDESTDIR and each blacklisted certificate in BLACKLISTDESTDIR.
blacklist: Add the specified file to the blacklist.
unblacklist: Remove the specified file from the blacklist.

DESTDIR: Alternate destination directory to operate on.
TRUSTPATH: List of paths to search for trusted certificates. Default: <DESTDIR>/usr/share/certs/trusted <DESTDIR>/usr/local/share/certs <DESTDIR>/usr/local/etc/ssl/certs
BLACKLISTPATH: List of paths to search for blacklisted certificates. Default: <DESTDIR>/usr/share/certs/blacklisted <DESTDIR>/usr/local/etc/ssl/blacklisted
CERTDESTDIR: Destination directory for symbolic links to trusted certificates. Default: <DESTDIR>/etc/ssl/certs
BLACKLISTDESTDIR: Destination directory for symbolic links to blacklisted certificates. Default: <DESTDIR>/etc/ssl/blacklisted
EXTENSIONS: List of file extensions to read as certificate files. Default: *.pem *.crt *.cer *.crl *.0

certctl first appeared in FreeBSD 12.2