1CA-LEGACY(8)                                                      CA-LEGACY(8)
2
3
4

NAME

6       ca-legacy - Manage the system configuration for legacy CA certificates
7

SYNOPSIS

9       ca-legacy [COMMAND]
10

DESCRIPTION

12       ca-legacy(8) is used to include or exclude a set of legacy Certificate
13       Authority (CA) certificates in the system’s list of trusted CA
14       certificates.
15
16       The list of CA certificates and trust flags included in the
17       ca-certificates package are based on the decisions made by Mozilla.org
18       according to the Mozilla CA policy.
19
20       Occasionally, removal or distrust decisions made by Mozilla.org might
21       be incompatible with the requirements or limitations of some
22       applications that also use the CA certificates list in the Linux
23       environment.
24
25       The ca-certificates package might keep some CA certificates included
26       and trusted by default, as long as it is seen necessary by the
27       maintainers, despite the fact that they have been removed by Mozilla.
28       These certificates are called legacy CA certificates.
29
30       The general requirements to keep legacy CA certificates included and
31       trusted might change over time, for example if functional limitations
32       of software packages have been resolved. Future versions of the
33       ca-certificates package might reduce the set of legacy CA certificates
34       that are included and trusted by default.
35
36       The ca-legacy(8) command can be used to override the default behaviour.
37
38       The mechanisms to individually trust or distrust CA certificates as
39       described in update-ca-trust(8) still apply.
40

COMMANDS

42       check
43           The current configuration will be shown.
44
45       default
46           Configure the system to use the default configuration, as
47           recommended by the package maintainers.
48
49       disable
50           Configure the system to explicitly disable legacy CA certificates.
51           Using this configuration, the system will use the set of included
52           and trusted CA certificates as released by Mozilla.
53
54       install
55           The configuration file will be read and the system configuration
56           will be set accordingly. This command is executed automatically
57           during upgrades of the ca-certificates package.
58

FILES

60       /etc/pki/ca-trust/ca-legacy.conf
61           A configuration file that will be used and modified by the
62           ca-legacy command. The contents of the configuration file will be
63           read on package upgrades.
64

AUTHOR

66       Written by Kai Engert.
67
68
69
70ca-legacy                         09/25/2018                      CA-LEGACY(8)
Impressum