Mono(MozRoots) Mono(MozRoots)
NAME
mozroots - Download and import trusted root certificates from Mozilla's
LXR into Mono's certificate store
SYNOPSIS
mozroots [--import [--machine] [--sync | --ask | --ask-add | --ask-re-
move]]
DESCRIPTION
This program downloads the trusted root certificates from the Mozilla
LXR web site into the Mono certificate store.
Mono by default does not ship with any default certificates and allows
the user to pick its trusted certificates. The mozroots command will
bring the Mozilla certificates into your local machine.
OPTIONS
--import
Import the certificates into the trust store.
--sync Synchronize (add/remove) the trust store with the certificates.
Synchronize is useful for new Mono installations (no roots) and
for automated updates (no user confirmation for addition or re-
moval).
--ask Always confirm before adding or removing trusted certificates.
Note: The initial import will likely add about 100 new trusted
root certificates into your store. You'll have to answer yes to
every one of them if this option is specified.
--ask-add
Always confirm before adding a new trusted certificate. Note:
The initial import will likely add about 100 new trusted root
certificates into your store. You'll have to answer yes to every
one of them if this option is specified.
--ask-remove
Always confirm before removing an existing trusted certificate.
ADVANCED OPTIONS
--url url
Specify an alternative URL for downloading the trusted certifi-
cates (LXR source format). This should only be useful for test-
ing or if the Mozilla's LXR web site address is changed. It can
also be used to cache a local copy of the LXR file into your lo-
cal intranet.
--file name
Do not download from LXR but use the specified file. This is
useful if many computers have to download the same file from the
Internet. This way you can keep a local copy on a file server
(and minimize network traffic).
--pkcs7 name
Export the certificates into a PKCS#7 file. This is useful for
debugging purpose or for re-importing the same list into other
software.
--machine
Import the certificate in the machine trust store. The default
is to import all trusted root certificates into the current user
store.
--quiet
Limit console output to errors and confirmations messages. This
is useful when scripting.
EXAMPLES
After the initial Mono installation you'll have no trusted roots cer-
tificates pre-installed. Neither will you have some root test certifi-
cates installed (your own or the ones provided by using setreg ). In
this case the simplest thing to do, if you want to trust all those cer-
tificates, is to import and synchronize.
$ mozroots --import --sync
Mozilla Roots Importer - version 1.1.9.0
Download and import trusted root certificates from Mozilla's LXR.
Copyright 2002, 2003 Motus Technologies. Copyright 2004-2005 Novell. BSD licensed.
Downloading from 'http://lxr.mozilla.org/seamonkey/source/security/nss/lib/ckfw/builtins/certdata.txt'...
Importing certificates into user store...
93 new root certificates were added to your trust store.
Import process completed.
If you created some test certificates (e.g. for using SSL/TLS with XSP)
and/or if your enterprise requires some additional root certificates
(e.g. intranet) then you may want to skip the removal part of the
process. You can do this by asking for a removal confirmation (--ask-
remove option) and answer no when prompted.
$ mozroots --import --ask-remove
Mozilla Roots Importer - version 1.1.9.0
Download and import trusted root certificates from Mozilla's LXR.
Copyright 2002, 2003 Motus Technologies. Copyright 2004-2005 Novell. BSD licensed.
Downloading from 'http://lxr.mozilla.org/seamonkey/source/security/nss/lib/ckfw/builtins/certdata.txt'...
Importing certificates into user store...
93 new root certificates were added to your trust store.
2 previously trusted certificates were not part of the update.
Issuer: CN=Mono Test Root Agency
Serial number: 69-B0-E1-4F-88-6E-C7-85-48-0E-74-91-38-76-F4-28
Valid from 9/1/2003 11:55:48 AM to 12/31/2039 1:59:59 PM
Thumbprint SHA-1: EF-26-C2-28-11-3F-79-ED-9D-EC-3F-3B-D5-7A-26-F2-7C-9F-FA-63
Thumbprint MD5: AE-19-3E-64-36-21-F2-A4-8B-69-38-CA-64-4B-2E-62
Are you sure you want to remove this certificate ? no
You can still use the synchronize option (--sync) if you have activated
the default test roots certificate on your system. They will be removed
at the end of the synchronization process but you can quickly add them
back with the
setreg
tool.
$ setreg 1 true
Another option to ease updates is to synchronize your machine trust
store (using the --machine option) and keep your customized (test) cer-
tificates in your personal store (or vice versa). Note that every user
on this computer will be trusting all the newly imported certificates.
$ mozroots --import --machine --sync
Mozilla Roots Importer - version 1.1.9.0
Download and import trusted root certificates from Mozilla's LXR.
Copyright 2002, 2003 Motus Technologies. Copyright 2004-2005 Novell. BSD licensed.
Downloading from 'http://lxr.mozilla.org/seamonkey/source/security/nss/lib/ckfw/builtins/certdata.txt'...
Importing certificates into user store...
94 new root certificates were added to your trust store.
Import process completed.
Once the initial import is complete the number of changes (additions or
removals) is generally very low. In this case it makes sense to know
about any changes (i.e. ask for confirmation). No confirmation will be
required if no changes are made to your trust store.
$ mozroots --import --ask
Mozilla Roots Importer - version 1.1.9.0
Download and import trusted root certificates from Mozilla's LXR.
Copyright 2002, 2003 Motus Technologies. Copyright 2004-2005 Novell. BSD licensed.
Downloading from 'http://lxr.mozilla.org/seamonkey/source/security/nss/lib/ckfw/builtins/certdata.txt'...
Importing certificates into user store...
Import process completed.
FILES
~/.config/.mono/certs, /usr/share/.mono/certs
Contains Mono certificate stores for users / machine. See the cert-
mgr(1) manual page for more information on managing certificate stores.
COPYRIGHT
Copyright (C) 2005 Novell.
MAILING LISTS
Mailing lists are listed at the http://www.mono-project.com/commu-
nity/help/mailing-lists/
WEB SITE
http://www.mono-project.com
SEE ALSO
mono(1),certmgr(1).setreg(1)
Mono(MozRoots)
Generated by dwww version 1.15 on Sat Jun 29 01:59:00 CEST 2024.