Blame SOURCES/ca-legacy.8.txt

////
Copyright (C) 2013 Red Hat, Inc.

This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.
////


ca-legacy(8)
============
:doctype: manpage
:man source: ca-legacy


NAME
----
ca-legacy - Manage the system configuration for legacy CA certificates


SYNOPSIS
--------
*ca-legacy* ['COMMAND']


DESCRIPTION
-----------
ca-legacy(8) is used to include or exclude a set of legacy Certificate Authority (CA)
certificates in the system's list of trusted CA certificates.

The list of CA certificates and trust flags included in the ca-certificates package
is based on the decisions made by Mozilla.org according to the Mozilla CA policy.

Occasionally, removal or distrust decisions made by Mozilla.org might be incompatible with the requirements
or limitations of some applications that also use the CA certificates list in the Linux environment.

The ca-certificates package might keep some CA certificates included and trusted by default,
for as long as the maintainers consider it necessary, even though Mozilla has
removed them. These certificates are called legacy CA certificates.

The general requirements to keep legacy CA certificates included and trusted might change over time,
for example if functional limitations of software packages have been resolved.
Future versions of the ca-certificates package might reduce the set of legacy CA certificates
that are included and trusted by default.

The ca-legacy(8) command can be used to override the default behaviour.

The mechanisms to individually trust or distrust CA certificates as described in update-ca-trust(8) still apply.


COMMANDS
--------
*check*::
    Show the current configuration.

*default*::
    Configure the system to use the default configuration, as recommended
    by the package maintainers.

*disable*::
    Configure the system to explicitly disable legacy CA certificates.
    Using this configuration, the system will use the set of
    included and trusted CA certificates as released by Mozilla.

*install*::
    Read the configuration file and set the system configuration
    accordingly. This command is executed automatically during
    upgrades of the ca-certificates package.


FILES
-----
/etc/pki/ca-trust/ca-legacy.conf::
    A configuration file that will be used and modified by the ca-legacy command.
    The contents of the configuration file will be read on package upgrades.

AUTHOR
------
Written by Kai Engert.