1Mono(MozRoots)                                                  Mono(MozRoots)
2
3
4

NAME

6       mozroots - Download and import trusted root certificates from Mozilla's
7       LXR into Mono's certificate store
8

SYNOPSIS

10       mozroots [--import [--machine] [--sync | --ask  |  --ask-add  |  --ask-
11       remove]]
12

DESCRIPTION

14       This  program  downloads the trusted root certificates from the Mozilla
15       LXR web site into the Mono certificate store.
16
17       Mono by default does not ship with any default certificates and  allows
18       the  user  to pick its trusted certificates.  The mozroots command will
19       bring the Mozilla certificates into your local machine.
20

OPTIONS

22       --import
23              Import the certificates into the trust store.
24
25       --sync Synchronize (add/remove) the trust store with the  certificates.
26              Synchronize  is useful for new Mono installations (no roots) and
27              for automated updates (no  user  confirmation  for  addition  or
28              removal).
29
30       --ask  Always  confirm  before adding or removing trusted certificates.
31              Note: The initial import will likely add about 100  new  trusted
32              root  certificates into your store. You'll have to answer yes to
33              every one of them if this option is specified.
34
35       --ask-add
36              Always confirm before adding a new trusted  certificate.   Note:
37              The  initial  import  will likely add about 100 new trusted root
38              certificates into your store. You'll have to answer yes to every
39              one of them if this option is specified.
40
41       --ask-remove
42              Always confirm before removing an existing trusted certificate.
43

ADVANCED OPTIONS

45       --url url
46              Specify  an alternative URL for downloading the trusted certifi‐
47              cates (LXR source format). This should only be useful for  test‐
48              ing  or if the Mozilla's LXR web site address is changed. It can
49              also be used to cache a local copy of the  LXR  file  into  your
50              local intranet.
51
52       --file name
53              Do  not  download  from  LXR but use the specified file. This is
54              useful if many computers have to download the same file from the
55              Internet.   This  way you can keep a local copy on a file server
56              (and minimize network traffic).
57
58       --pkcs7 name
59              Export the certificates into a PKCS#7 file. This is  useful  for
60              debugging  purpose  or for re-importing the same list into other
61              software.
62
63       --machine
64              Import the certificate in the machine trust store.  The  default
65              is to import all trusted root certificates into the current user
66              store.
67
68       --quiet
69              Limit console output to errors and confirmations messages.  This
70              is useful when scripting.
71

EXAMPLES

73       After  the  initial Mono installation you'll have no trusted roots cer‐
74       tificates pre-installed.  Neither will you have some root test certifi‐
75       cates  installed  (your  own or the ones provided by using setreg ). In
76       this case the simplest thing to do, if you want to trust all those cer‐
77       tificates, is to import and synchronize.
78            $ mozroots --import --sync
79            Mozilla Roots Importer - version 1.1.9.0
80            Download and import trusted root certificates from Mozilla's LXR.
81            Copyright 2002, 2003 Motus Technologies. Copyright 2004-2005 Novell. BSD licensed.
82
83            Downloading from 'http://lxr.mozilla.org/seamonkey/source/security/nss/lib/ckfw/builtins/certdata.txt'...
84            Importing certificates into user store...
85            93 new root certificates were added to your trust store.
86            Import process completed.
87
88       If you created some test certificates (e.g. for using SSL/TLS with XSP)
89       and/or if your enterprise requires some  additional  root  certificates
90       (e.g.  intranet)  then  you  may  want  to skip the removal part of the
91       process. You can do this by asking for a removal  confirmation  (--ask-
92       remove option) and answer no when prompted.
93            $ mozroots --import --ask-remove
94            Mozilla Roots Importer - version 1.1.9.0
95            Download and import trusted root certificates from Mozilla's LXR.
96            Copyright 2002, 2003 Motus Technologies. Copyright 2004-2005 Novell. BSD licensed.
97
98            Downloading from 'http://lxr.mozilla.org/seamonkey/source/security/nss/lib/ckfw/builtins/certdata.txt'...
99            Importing certificates into user store...
100            93 new root certificates were added to your trust store.
101            2 previously trusted certificates were not part of the update.
102
103            Issuer: CN=Mono Test Root Agency
104            Serial number: 69-B0-E1-4F-88-6E-C7-85-48-0E-74-91-38-76-F4-28
105            Valid from 9/1/2003 11:55:48 AM to 12/31/2039 1:59:59 PM
106            Thumbprint SHA-1: EF-26-C2-28-11-3F-79-ED-9D-EC-3F-3B-D5-7A-26-F2-7C-9F-FA-63
107            Thumbprint MD5:   AE-19-3E-64-36-21-F2-A4-8B-69-38-CA-64-4B-2E-62
108            Are you sure you want to remove this certificate ? no
109
110       You can still use the synchronize option (--sync) if you have activated
111       the default test roots certificate on your system. They will be removed
112       at the end of the synchronization process but you can quickly add them
113       back with the
114       setreg
115       tool.
116            $ setreg 1 true
117
118       Another  option  to  ease  updates is to synchronize your machine trust
119       store (using the --machine option) and keep your customized (test) cer‐
120       tificates  in your personal store (or vice versa). Note that every user
121       on this computer will be trusting all the newly imported certificates.
122            $ mozroots --import --machine --sync
123            Mozilla Roots Importer - version 1.1.9.0
124            Download and import trusted root certificates from Mozilla's LXR.
125            Copyright 2002, 2003 Motus Technologies. Copyright 2004-2005 Novell. BSD licensed.
126
127            Downloading from 'http://lxr.mozilla.org/seamonkey/source/security/nss/lib/ckfw/builtins/certdata.txt'...
128            Importing certificates into user store...
129            94 new root certificates were added to your trust store.
130            Import process completed.
131
132       Once the initial import is complete the number of changes (additions or
133       removals)  is  generally  very low. In this case it makes sense to know
134       about any changes (i.e. ask for confirmation). No confirmation will  be
135       required if no changes are made to your trust store.
136            $ mozroots --import --ask
137            Mozilla Roots Importer - version 1.1.9.0
138            Download and import trusted root certificates from Mozilla's LXR.
139            Copyright 2002, 2003 Motus Technologies. Copyright 2004-2005 Novell. BSD licensed.
140
141            Downloading from 'http://lxr.mozilla.org/seamonkey/source/security/nss/lib/ckfw/builtins/certdata.txt'...
142            Importing certificates into user store...
143            Import process completed.
144

FILES

146       ~/.config/.mono/certs, /usr/share/.mono/certs
147
148       Contains  Mono  certificate  stores  for users / machine. See the cert‐
149       mgr(1) manual page for more information on managing certificate stores.
150
152       Copyright (C) 2005 Novell.
153

MAILING LISTS

155       Mailing lists  are  listed  at  the  http://www.mono-project.com/commu
156       nity/help/mailing-lists/
157

WEB SITE

159       http://www.mono-project.com
160

SEE ALSO

162       mono(1),certmgr(1).setreg(1)
163
164
165
166                                                                Mono(MozRoots)
Impressum