3 .\" Author: [see the "Authors" section]
4 .\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
5 .\" Date: 12 November 2013
6 .\" Manual: NSS Security Tools
10 .TH "VFYCHAIN" "1" "12 November 2013" "nss-tools" "NSS Security Tools"
11 .\" -----------------------------------------------------------------
12 .\" * Define some portability stuff
13 .\" -----------------------------------------------------------------
14 .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
15 .\" http://bugs.debian.org/507673
16 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
17 .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
20 .\" -----------------------------------------------------------------
21 .\" * set default formatting
22 .\" -----------------------------------------------------------------
23 .\" disable hyphenation
25 .\" disable justification (adjust text to left margin only)
27 .\" -----------------------------------------------------------------
28 .\" * MAIN CONTENT STARTS HERE *
29 .\" -----------------------------------------------------------------
31 vfychain_ \- vfychain [options] [revocation options] certfile [[options] certfile] \&.\&.\&.
33 .HP \w'\fBvfychain\fR\ 'u
37 This documentation is still work in progress\&. Please contribute to the initial review in
38 \m[blue]\fBMozilla NSS bug 836477\fR\m[]\&\s-2\u[1]\d\s+2
41 The verification Tool,
42 \fBvfychain\fR, verifies certificate chains\&.
44 can add and delete PKCS #11 modules, change passwords on security databases, set defaults, list module contents, enable or disable slots, enable or disable FIPS 140\-2 compliance, and assign default providers for cryptographic operations\&. This tool can also create certificate, key, and module security database files\&.
46 The tasks associated with security module database management are part of a process that typically also involves managing key databases and certificate databases\&.
51 the following certfile is base64 encoded
54 \fB\-b \fR \fIYYMMDDHHMMZ\fR
56 Validate date (default: now)
59 \fB\-d \fR \fIdirectory\fR
66 Enable cert fetching from AIA URL
71 Set policy OID for cert validation(Format OID\&.1\&.2\&.3)
76 Use PKIX Library to validate certificate by calling:
78 * CERT_VerifyCertificate if specified once,
80 * CERT_PKIXVerifyCert if specified twice and more\&.
85 Following certfile is raw binary DER (default)
90 Following cert is explicitly trusted (overrides db trust)
93 \fB\-u \fR \fIusage\fR
95 0=SSL client, 1=SSL server, 2=SSL StepUp, 3=SSL CA, 4=Email signer, 5=Email recipient, 6=Object signer, 9=ProtectedObjectSigner, 10=OCSP responder, 11=Any CA
100 Trust both explicit trust anchors (\-t) and the database\&. (Without this option, the default is to only trust certificates marked \-t, if there are any, or to trust the database if there are certificates marked \-t\&.)
105 Verbose mode\&. Prints root cert subject(double the argument for whole root cert info)
108 \fB\-w \fR \fIpassword\fR
113 \fB\-W \fR \fIpwfile\fR
119 Revocation options for PKIX API (invoked with \-pp options) is a collection of the following flags: [\-g type [\-h flags] [\-m type [\-s flags]] \&.\&.\&.] \&.\&.\&.
124 \fB\-g \fR \fItest\-type\fR
126 Sets status checking test type\&. Possible values are "leaf" or "chain"
129 \fB\-g \fR \fItest type\fR
131 Sets status checking test type\&. Possible values are "leaf" or "chain"\&.
134 \fB\-h \fR \fItest flags\fR
136 Sets revocation flags for the test type it follows\&. Possible flags: "testLocalInfoFirst" and "requireFreshInfo"\&.
139 \fB\-m \fR \fImethod type\fR
141 Sets method type for the test type it follows\&. Possible types are "crl" and "ocsp"\&.
144 \fB\-s \fR \fImethod flags\fR
146 Sets revocation flags for the method it follows\&. Possible types are "doNotUse", "forbidFetching", "ignoreDefaultSrc", "requireInfo" and "failIfNoInfo"\&.
148 .SH "ADDITIONAL RESOURCES"
150 For information about NSS and other tools related to NSS (like JSS), check out the NSS project wiki at
151 \m[blue]\fBhttp://www\&.mozilla\&.org/projects/security/pki/nss/\fR\m[]\&. The NSS site relates directly to NSS code changes and releases\&.
153 Mailing lists: https://lists\&.mozilla\&.org/listinfo/dev\-tech\-crypto
155 IRC: Freenode at #dogtag\-pki
158 The NSS tools were written and maintained by developers with Netscape, Red Hat, Sun, Oracle, Mozilla, and Google\&.
160 Authors: Elio Maldonado <emaldona@redhat\&.com>, Deon Lackey <dlackey@redhat\&.com>\&.
163 Licensed under the Mozilla Public License, v\&. 2\&.0\&. If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla\&.org/MPL/2\&.0/\&.
166 Mozilla NSS bug 836477
168 \%https://bugzilla.mozilla.org/show_bug.cgi?id=836477