1VFYCHAIN(1)                   NSS Security Tools                   VFYCHAIN(1)
2
3
4

NAME

6       vfychain_ - vfychain [options] [revocation options] certfile [[options]
7       certfile] ...
8

SYNOPSIS

10       vfychain
11

STATUS

13       This documentation is still work in progress. Please contribute to the
14       initial review in Mozilla NSS bug 836477[1]
15

DESCRIPTION

17       The verification Tool, vfychain, verifies certificate chains.  modutil
18       can add and delete PKCS #11 modules, change passwords on security
19       databases, set defaults, list module contents, enable or disable slots,
20       enable or disable FIPS 140-2 compliance, and assign default providers
21       for cryptographic operations. This tool can also create certificate,
22       key, and module security database files.
23
24       The tasks associated with security module database management are part
25       of a process that typically also involves managing key databases and
26       certificate databases.
27

OPTIONS

29       -a
30           the following certfile is base64 encoded
31
32       -b  YYMMDDHHMMZ
33           Validate date (default: now)
34
35       -d  directory
36           database directory
37
38       -f
39           Enable cert fetching from AIA URL
40
41       -o  oid
42           Set policy OID for cert validation(Format OID.1.2.3)
43
44       -p
45           Use PKIX Library to validate certificate by calling:
46
47           * CERT_VerifyCertificate if specified once,
48
49           * CERT_PKIXVerifyCert if specified twice and more.
50
51       -r
52           Following certfile is raw binary DER (default)
53
54       -t
55           Following cert is explicitly trusted (overrides db trust)
56
57       -u  usage
58           0=SSL client, 1=SSL server, 2=SSL StepUp, 3=SSL CA, 4=Email signer,
59           5=Email recipient, 6=Object signer, 9=ProtectedObjectSigner,
60           10=OCSP responder, 11=Any CA
61
62       -T
63           Trust both explicit trust anchors (-t) and the database. (Without
64           this option, the default is to only trust certificates marked -t,
65           if there are any, or to trust the database if there are
66           certificates marked -t.)
67
68       -v
69           Verbose mode. Prints root cert subject(double the argument for
70           whole root cert info)
71
72       -w  password
73           Database password
74
75       -W  pwfile
76           Password file
77
78           Revocation options for PKIX API (invoked with -pp options) is a
79           collection of the following flags: [-g type [-h flags] [-m type [-s
80           flags]] ...] ...
81
82           Where:
83
84       -g  test-type
85           Sets status checking test type. Possible values are "leaf" or
86           "chain"
87
88       -g  test type
89           Sets status checking test type. Possible values are "leaf" or
90           "chain".
91
92       -h  test flags
93           Sets revocation flags for the test type it follows. Possible flags:
94           "testLocalInfoFirst" and "requireFreshInfo".
95
96       -m  method type
97           Sets method type for the test type it follows. Possible types are
98           "crl" and "ocsp".
99
100       -s  method flags
101           Sets revocation flags for the method it follows. Possible types are
102           "doNotUse", "forbidFetching", "ignoreDefaultSrc", "requireInfo" and
103           "failIfNoInfo".
104

ADDITIONAL RESOURCES

106       For information about NSS and other tools related to NSS (like JSS),
107       check out the NSS project wiki at
108       http://www.mozilla.org/projects/security/pki/nss/. The NSS site relates
109       directly to NSS code changes and releases.
110
111       Mailing lists: https://lists.mozilla.org/listinfo/dev-tech-crypto
112
113       IRC: Freenode at #dogtag-pki
114

AUTHORS

116       The NSS tools were written and maintained by developers with Netscape,
117       Red Hat, Sun, Oracle, Mozilla, and Google.
118
119       Authors: Elio Maldonado <emaldona@redhat.com>, Deon Lackey
120       <dlackey@redhat.com>.
121

LICENSE

123       Licensed under the Mozilla Public License, v. 2.0. If a copy of the MPL
124       was not distributed with this file, You can obtain one at
125       http://mozilla.org/MPL/2.0/.
126

NOTES

128        1. Mozilla NSS bug 836477
129           https://bugzilla.mozilla.org/show_bug.cgi?id=836477
130
131
132
133nss-tools 3.44.0                  Nov 13 2013                      VFYCHAIN(1)
Impressum