Mono(certmgr)                                                    Mono(certmgr)

NAME

       certmgr - Mono Certificate Manager (CLI version)

SYNOPSIS

       certmgr [action] [object type] [options] store [filename]
       or
       certmgr -ssl [options] url

DESCRIPTION

       This tool lets you list, add, remove or extract certificates,
       certificate revocation lists (CRL) or certificate trust lists (CTL)
       to/from a certificate store. Certificate stores are used to build and
       validate certificate chains for Authenticode(r) code signing validation
       and SSL server certificates.

ACTIONS

       -list  List the certificates, CRL or CTL in the specified store.

       -add   Add a certificate, CRL or CTL to the specified store.

       -del   Remove a certificate, CRL or CTL from the specified store. You
              must specify the object to be removed by its hash value (and
              not by a filename). This hash value is shown when doing a -list
              on the store.

       -put   Copy a certificate, CRL or CTL from a store to a file.

       -ssl   Download and add the certificates from an SSL session. You'll be
              asked to confirm the addition of every certificate received from
              the server. Note that the SSL/TLS protocols do not require a
              server to send the root certificate. This action assumes a
              certificate (-c) object type and will import the certificates
              into the appropriate stores (i.e. the server certificate in the
              OtherPeople store, the root certificate in the Trust store, any
              other intermediate certificates in the IntermediateCA store).

OBJECT TYPES

       -c , -cert , -certificate
              Add, Delete or Put certificates. That is, the specified file
              must/will contain X.509 certificates in DER binary encoding.

       -crl   Add, Delete or Put certificate revocation lists (CRL). That is,
              the specified file must/will contain an X.509 CRL in DER binary
              encoding.

       -ctl   Add, Delete or Put certificate trust lists (CTL). UNSUPPORTED.

OPTIONS

       -m     Use the machine's certificate stores (instead of the default
              user's stores).

       -v     More details displayed on the console.

       -help , -h , -? , /?
              Display help about this tool.

FILES

       WARNING: This details the current behavior of Mono and could change
       between releases. The only safe way to interact with certificate
       stores is to use the certmgr tool. The current releases of Mono keep
       all the user certificate stores in separate directories under
       ~/.config/.mono/certs/

       For example the trusted root certificates for a user would be kept
       under
              ~/.config/.mono/certs/Trust/

       Certificate files are kept in DER (binary) format (extension .cer).

       The filenames start with either
              tbp (thumbprint) or ski (subject key identifier).

       The rest of the filename is the base64-encoded value (tbp or ski).

EXAMPLES

       mono certmgr.exe -list -c -m Trust
              List all certificates in the machine Trust store. This will
              display the hash value for each certificate. This value can be
              used to uniquely identify a certificate for some operations
              (e.g. delete). E.g. Unique Hash:
              FFA3AC0084DA1673B5A031EBB2156B3E8FBBF6D8

       mono certmgr.exe -del -c -m Trust FFA3AC0084DA1673B5A031EBB2156B3E8FBBF6D8
              Remove the certificate, represented by the hash value, from the
              machine Trust store. Note that the machine store is normally
              restricted. The following error message will appear if the
              current user doesn't have the minimum access rights to remove
              the certificate: Access to the machine 'Trust' certificate
              store has been denied.

       certmgr -ssl https://www.verisign.com
              Import certificates from www.verisign.com used for HTTP over
              SSL. See KNOWN ISSUES (MD2) if you're downloading from
              www.verisign.com.

       certmgr -ssl ldaps://www.nldap.com:636
              Import the certificates from www.nldap.com used for secure LDAP.
              This works even if we don't know how to speak LDAP because we
              stop the communication shortly after the SSL handshake (which
              gives us the certificate).
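
       The -ssl action imports whatever the server presents once you confirm
       it. The following is an added example, not part of Mono or its
       documentation: it fetches the leaf certificate with a handshake only,
       checks it against a SHA-256 fingerprint obtained out of band, and
       writes the DER file that the -add -c action expects. The function
       names, the pinned-fingerprint workflow and the choice of the
       OtherPeople store as default are assumptions of this example.

```python
import hashlib
import hmac
import ssl
import sys
from pathlib import Path
from urllib.parse import urlsplit

# Default ports for the two URL schemes used in the examples above.
DEFAULT_PORTS = {"https": 443, "ldaps": 636}

def endpoint(url):
    """Split a certmgr-style URL into (host, port)."""
    parts = urlsplit(url)
    port = parts.port or DEFAULT_PORTS.get(parts.scheme)
    if not parts.hostname or port is None:
        raise ValueError(f"cannot determine host/port from {url!r}")
    return parts.hostname, port

def fetch_leaf_der(url):
    """TLS handshake only, no chain validation: return the leaf cert as DER."""
    pem = ssl.get_server_certificate(endpoint(url))
    return ssl.PEM_cert_to_DER_cert(pem)

def normalize(fingerprint):
    """Accept 'AA:BB:..', 'aa bb ..' or plain hex."""
    return fingerprint.replace(":", "").replace(" ", "").lower()

def matches_pin(der, pinned_sha256):
    """Compare the SHA-256 of the DER bytes with the out-of-band value."""
    actual = hashlib.sha256(der).hexdigest()
    return hmac.compare_digest(actual, normalize(pinned_sha256))

def stage_for_certmgr(der, pinned_sha256, out_path, store="OtherPeople"):
    """Write the .cer file only if the pin matches; return the certmgr argv."""
    if not matches_pin(der, pinned_sha256):
        raise ValueError("fingerprint mismatch: do not import this certificate")
    Path(out_path).write_bytes(der)
    return ["certmgr", "-add", "-c", store, str(out_path)]

if __name__ == "__main__":
    # usage: script.py <url> <pinned sha256 fingerprint> <output.cer>
    url, pin, out = sys.argv[1:4]
    print(" ".join(stage_for_certmgr(fetch_leaf_der(url), pin, out)))
```

       The script prints the certmgr command instead of running it, so the
       import itself remains an explicit operator step.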

KNOWN ISSUES

       MD2    Some Certificate Authorities' (CA) old root certificates use the
              MD2 hash algorithm. MD2 is old enough not to be part of the
              standard .NET framework. This makes it impossible to validate a
              digital signature made with MD2. For this reason MD2 is included
              in the Mono.Security.dll assembly. However the machine.config
              file must be updated so the OID for MD2 is known at runtime.

              To correct this, insert the following XML snippet inside the
              <configuration> element of your machine.config file.
                <mscorlib>
                  <cryptographySettings>
                    <cryptoNameMapping>
                      <cryptoClasses>
                        <cryptoClass monoMD2="Mono.Security.Cryptography.MD2Managed, Mono.Security, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=0738eb9f132ed756" />
                      </cryptoClasses>
                      <nameEntry name="MD2" class="monoMD2" />
                    </cryptoNameMapping>
                    <oidMap>
                      <oidEntry OID="1.2.840.113549.2.2" name="MD2" />
                    </oidMap>
                  </cryptographySettings>
                </mscorlib>

AUTHOR

       Written by Sebastien Pouliot

       Copyright (C) 2004-2005 Novell.

MAILING LISTS

       Visit http://lists.ximian.com/mailman/listinfo/mono-list for details.

WEB SITE

       Visit http://www.mono-project.com for details.

SEE ALSO

       makecert(1), setreg(1)