1Mono(MozRoots) Mono(MozRoots)
2
3
4
6 mozroots - Download and import trusted root certificates from Mozilla's
7 LXR into Mono's certificate store
8
10 mozroots [--import [--machine] [--sync | --ask | --ask-add | --ask-
11 remove]]
12
14 This program downloads the trusted root certificates from the Mozilla
15 LXR web site into the Mono certificate store.
16
17 Mono by default does not ship with any default certificates and allows
18 the user to pick its trusted certificates. The mozroots command will
19 bring the Mozilla certificates into your local machine.
20
22 --import
23 Import the certificates into the trust store.
24
25 --sync Synchronize (add/remove) the trust store with the certificates.
26 Synchronize is useful for new Mono installations (no roots) and
27 for automated updates (no user confirmation for addition or
28 removal).
29
30 --ask Always confirm before adding or removing trusted certificates.
31 Note: The initial import will likely add about 100 new trusted
32 root certificates into your store. You'll have to answer yes to
33 every one of them if this option is specified.
34
35 --ask-add
36 Always confirm before adding a new trusted certificate. Note:
37 The initial import will likely add about 100 new trusted root
38 certificates into your store. You'll have to answer yes to every
39 one of them if this option is specified.
40
41 --ask-remove
42 Always confirm before removing an existing trusted certificate.
43
45 --url url
46 Specify an alternative URL for downloading the trusted certifi‐
47 cates (LXR source format). This should only be useful for test‐
48 ing or if the Mozilla's LXR web site address is changed. It can
49 also be used to cache a local copy of the LXR file into your
50 local intranet.
51
52 --file name
53 Do not download from LXR but use the specified file. This is
54 useful if many computers have to download the same file from the
55 Internet. This way you can keep a local copy on a file server
56 (and minimize network traffic).
57
58 --pkcs7 name
59 Export the certificates into a PKCS#7 file. This is useful for
60 debugging purpose or for re-importing the same list into other
61 software.
62
63 --machine
64 Import the certificate in the machine trust store. The default
65 is to import all trusted root certificates into the current user
66 store.
67
68 --quiet
69 Limit console output to errors and confirmations messages. This
70 is useful when scripting.
71
73 After the initial Mono installation you'll have no trusted roots cer‐
74 tificates pre-installed. Neither will you have some root test certifi‐
75 cates installed (your own or the ones provided by using setreg ). In
76 this case the simplest thing to do, if you want to trust all those cer‐
77 tificates, is to import and synchronize.
78 $ mozroots --import --sync
79 Mozilla Roots Importer - version 1.1.9.0
80 Download and import trusted root certificates from Mozilla's LXR.
81 Copyright 2002, 2003 Motus Technologies. Copyright 2004-2005 Novell. BSD licensed.
82
83 Downloading from 'http://lxr.mozilla.org/seamonkey/source/security/nss/lib/ckfw/builtins/certdata.txt'...
84 Importing certificates into user store...
85 93 new root certificates were added to your trust store.
86 Import process completed.
87
88 If you created some test certificates (e.g. for using SSL/TLS with XSP)
89 and/or if your enterprise requires some additional root certificates
90 (e.g. intranet) then you may want to skip the removal part of the
91 process. You can do this by asking for a removal confirmation (--ask-
92 remove option) and answer no when prompted.
93 $ mozroots --import --ask-remove
94 Mozilla Roots Importer - version 1.1.9.0
95 Download and import trusted root certificates from Mozilla's LXR.
96 Copyright 2002, 2003 Motus Technologies. Copyright 2004-2005 Novell. BSD licensed.
97
98 Downloading from 'http://lxr.mozilla.org/seamonkey/source/security/nss/lib/ckfw/builtins/certdata.txt'...
99 Importing certificates into user store...
100 93 new root certificates were added to your trust store.
101 2 previously trusted certificates were not part of the update.
102
103 Issuer: CN=Mono Test Root Agency
104 Serial number: 69-B0-E1-4F-88-6E-C7-85-48-0E-74-91-38-76-F4-28
105 Valid from 9/1/2003 11:55:48 AM to 12/31/2039 1:59:59 PM
106 Thumbprint SHA-1: EF-26-C2-28-11-3F-79-ED-9D-EC-3F-3B-D5-7A-26-F2-7C-9F-FA-63
107 Thumbprint MD5: AE-19-3E-64-36-21-F2-A4-8B-69-38-CA-64-4B-2E-62
108 Are you sure you want to remove this certificate ? no
109
110 You can still use the synchronize option (--sync) if you have activated
111 the default test roots certificate on your system. They will be removed
112 at the end of the synchronization process but you can quickly add them
113 back with the
114 setreg
115 tool.
116 $ setreg 1 true
117
118 Another option to ease updates is to synchronize your machine trust
119 store (using the --machine option) and keep your customized (test) cer‐
120 tificates in your personal store (or vice versa). Note that every user
121 on this computer will be trusting all the newly imported certificates.
122 $ mozroots --import --machine --sync
123 Mozilla Roots Importer - version 1.1.9.0
124 Download and import trusted root certificates from Mozilla's LXR.
125 Copyright 2002, 2003 Motus Technologies. Copyright 2004-2005 Novell. BSD licensed.
126
127 Downloading from 'http://lxr.mozilla.org/seamonkey/source/security/nss/lib/ckfw/builtins/certdata.txt'...
128 Importing certificates into user store...
129 94 new root certificates were added to your trust store.
130 Import process completed.
131
132 Once the initial import is complete the number of changes (additions or
133 removals) is generally very low. In this case it makes sense to know
134 about any changes (i.e. ask for confirmation). No confirmation will be
135 required if no changes are made to your trust store.
136 $ mozroots --import --ask
137 Mozilla Roots Importer - version 1.1.9.0
138 Download and import trusted root certificates from Mozilla's LXR.
139 Copyright 2002, 2003 Motus Technologies. Copyright 2004-2005 Novell. BSD licensed.
140
141 Downloading from 'http://lxr.mozilla.org/seamonkey/source/security/nss/lib/ckfw/builtins/certdata.txt'...
142 Importing certificates into user store...
143 Import process completed.
144
146 ~/.config/.mono/certs, /usr/share/.mono/certs
147
148 Contains Mono certificate stores for users / machine. See the cert‐
149 mgr(1) manual page for more information on managing certificate stores.
150
152 Copyright (C) 2005 Novell.
153
155 Mailing lists are listed at the http://www.mono-project.com/Mail‐
156 ing_Lists
157
159 http://www.mono-project.com
160
162 mono(1),[22mcertmgr(1).setreg(1)
163
164
165
166 Mono(MozRoots)