1:certmgr

From Linux Man Pages

      certmgr - Mono Certificate Manager (CLI version)
      
      certmgr [action] [object type] [options] store [filename] or certmgr -ssl [options] url

Contents 1 DESCRIPTION 2 ACTIONS 3 OBJECT TYPES 4 OPTIONS 5 FILES 6 EXAMPLES 7 KNOWN ISSUES 8 COPYRIGHT 9 MAILING LISTS 10 WEB SITE 11 RELATED 12 CATEGORY

DESCRIPTION

      This  tool  allow to list, add, remove or extract certificates, certificate revocation lists (CRL) or certificate
      trust lists (CTL) to/from a certificate store. Certificate stores are used  to  build  and  validate  certificate
      chains for Authenticode(r) code signing validation and SSL server certificates.

ACTIONS

      -list  List the certificates, CTL or CTL in the specified store.
 
      -add   Add a certificate, CRL or CTL to specified store.
 
      -del   Remove a certificate, CRL or CTL from specified store. You must specify the object to be removed with it's
             hash value (and not a filename). This hash value is shown when doing a -list on the store.
 
      -put   Copy a certificate, CRL or CTL from a store to a file.
 
      -ssl   Download and add the certificates from a SSL session. You'll be asked to confirm  the  addition  of  every
             certificate  received  from  the  server. Note that SSL/TLS protocols do not requires a server to send the
             root certificate.  This action assume an certificate (-c) object type and will import the certificates  in
             appropriate  stores  (i.e.  server certificate in the OtherPeople store, the root certificate in the Trust
             store, any other intermediate certificates in the IntermediateCA store).

OBJECT TYPES

      -c , -cert , -certificate
             Add, Delete or Put certificates. That is the specified file must/will contains X.509 certificates  in  DER
             binary encoding.
 
      -crl   Add, Delete or Put certificate revocation lists (CRL). That is the specified file must/will contains X.509
             CRL in DER binary encoding.
 
      -ctl   Add, Delete or Put certificate trust lists (CRL). UNSUPPORTED.

OPTIONS

      -m     Use the machine's certificate stores (instead of the default user's stores).
 
      -v     More details displayed on the console.
 
      -help , -h , -? , /?
             Display help about this tool.

FILES

      WARNING: This details the current behavior of Mono and could change between  releases.   The  only  safe  way  to
      interact with certificate stores is to use the certmgr tool. The current releases of Mono keeps all the user cer-
      tificate stores in separates directories under ~/.config/.mono/certs/
 
      For example the trusted root certificates for a user would be kept under
             ~/.config/.mono/certs/Trust/
 
      Certificates files are kept in DER (binary) format (extension .cer).
 
      The filenames either starts with
             tbp (thumbprint) or ski (subject key identifier).
 
      The rest of the filename is the base64-encoded value (tbp or ski).

EXAMPLES

      mono certmgr.exe -list -c -m Trust
             List all certificates in the machine Trust store. This will display the hash value for  each  certificate.
             This  value can be used to identify uniquely a certificate for some operations (e.g. delete). E.g.  Unique
             Hash: FFA3AC0084DA1673B5A031EBB2156B3E8FBBF6D8
 
      mono certmgr.exe -del -c -m Trust FFA3AC0084DA1673B5A031EBB2156B3E8FBBF6D8
             Remove the certificate, represented by the hash value, from the machine Trust store. Note that the machine
             store is normally restricted. The following error message will appear if the current user doesn't have the
             minimum access rights to remove the certificate: Access to the machine 'Trust' certificate store has  been
             denied.
 
      certmgr -ssl https://www.verisign.com
             Import  certificates  from www.verisign.com used for HTTP over SSL. See KNOWN ISSUES (MD2) if you're down-
             loading from www.verisign.com.
 
      certmgr -ssl ldaps://www.nldap.com:636
             Import the certificates from www.nldap.com used for secure LDAP. This works even if we don't know  how  to
             speak  LDAP because we stop the communication shortly after the SSL handshake (which gives us the certifi-
             cate).

KNOWN ISSUES

      MD2    Some Certificate Authorities (CA) old root certificates use the MD2 hash algorithm. MD2 is old enough  not
             to  be part of the standard .NET framework.  This makes it impossible to validate a digital signature made
             with MD2. For this reason MD2 is included in the Mono.Security.dll assembly.  However  the  machine.config
             file must be updated so the OID for MD2 is known at runtime.
 
             To correct this insert the following XML snippet inside the <configuration> element of your machine.config
             file.
               <mscorlib>
                 <cryptographySettings>
                   <cryptoNameMapping>
                     <cryptoClasses>
                       <cryptoClass monoMD2="Mono.Security.Cryptography.MD2Managed, Mono.Security,  Version=1.0.5000.0,
             Culture=neutral, PublicKeyToken=0738eb9f132ed756" />
                     </cryptoClasses>
                     <nameEntry name="MD2" class="monoMD2" />
                   </cryptoNameMapping>
                   <oidMap>
                     <oidEntry OID="1.2.840.113549.2.2" name="MD2" />
                   </oidMap>
                 </cryptographySettings>
               </mscorlib>

COPYRIGHT

      Copyright (C) 2004-2005 Novell.

MAILING LISTS

      Visit http://lists.ximian.com/mailman/listinfo/mono-list for details.

WEB SITE

      Visit http://www.mono-project.com for details

RELATED

      makecert(1),setreg(1)

                                                                Mono(certmgr)

CATEGORY