Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(32)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: docs/linux_cert_management.md

Issue 1324603002: [Docs] Another round of stylistic fixes. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 5 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « docs/linux_building_debug_gtk.md ('k') | docs/linux_chromium_arm.md » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: docs/linux_cert_management.md
diff --git a/docs/linux_cert_management.md b/docs/linux_cert_management.md
index 7faf6bafdd5fa9034e4f4b904c8a13fbe6c4ebea..7c75acf8ceabdb12ea5427dc319480b2d9108533 100644
--- a/docs/linux_cert_management.md
+++ b/docs/linux_cert_management.md
@@ -1,64 +1,96 @@
-**NOTE:** SSL client authentication with personal certificates does not work completely in Linux, see [issue 16830](http://code.google.com/p/chromium/issues/detail?id=16830) and [issue 25241](http://code.google.com/p/chromium/issues/detail?id=25241).
+# Linux Cert Management
-# Introduction
+**NOTE:** SSL client authentication with personal certificates does not work
+completely in Linux, see [issue 16830](https://crbug.com/16830) and
+[issue 25241](https://crbug.com/25241).
-The easy way to manage certificates is navigate to chrome://settings/search#ssl. Then click on the "Manage Certificates" button. This will load a built-in interface for managing certificates.
+The easy way to manage certificates is navigate to chrome://settings/search#ssl.
+Then click on the "Manage Certificates" button. This will load a built-in
+interface for managing certificates.
-On Linux, Chromium uses the [NSS Shared DB](https://wiki.mozilla.org/NSS_Shared_DB_And_LINUX). If the built-in manager does not work for you then you can configure certificates with the [NSS command line tools](http://www.mozilla.org/projects/security/pki/nss/tools/).
+On Linux, Chromium uses the
+[NSS Shared DB](https://wiki.mozilla.org/NSS_Shared_DB_And_LINUX). If the
+built-in manager does not work for you then you can configure certificates with
+the
+[NSS command line tools](http://www.mozilla.org/projects/security/pki/nss/tools/).
-# Details
+## Details
-## Get the tools
- * Debian/Ubuntu: `sudo apt-get install libnss3-tools`
- * Fedora: `su -c "yum install nss-tools"`
- * Gentoo: `su -c "echo 'dev-libs/nss utils' >> /etc/portage/package.use && emerge dev-libs/nss"` (You need to launch all commands below with the `nss` prefix, e.g., `nsscertutil`.)
- * Opensuse: `sudo zypper install mozilla-nss-tools`
+### Get the tools
+* Debian/Ubuntu: `sudo apt-get install libnss3-tools`
+* Fedora: `su -c "yum install nss-tools"`
+* Gentoo: `su -c "echo 'dev-libs/nss utils' >> /etc/portage/package.use &&
+ emerge dev-libs/nss"` (You need to launch all commands below with the `nss`
+ prefix, e.g., `nsscertutil`.)
+* Opensuse: `sudo zypper install mozilla-nss-tools`
-## List all certificates
+### List all certificates
-`certutil -d sql:$HOME/.pki/nssdb -L`
+ certutil -d sql:$HOME/.pki/nssdb -L
+
+#### Ubuntu Jaunty error
-### Ubuntu Jaunty error
Above (and most commands) gives:
-`certutil: function failed: security library: invalid arguments.`
+ certutil: function failed: security library: invalid arguments.
Package version 3.12.3.1-0ubuntu0.9.04.2
-## List details of a certificate
+### List details of a certificate
-`certutil -d sql:$HOME/.pki/nssdb -L -n <certificate nickname>`
+ certutil -d sql:$HOME/.pki/nssdb -L -n <certificate nickname>
-## Add a certificate
+### Add a certificate
-`certutil -d sql:$HOME/.pki/nssdb -A -t <TRUSTARGS> -n <certificate nickname> -i <certificate filename>`
+```shell
+certutil -d sql:$HOME/.pki/nssdb -A -t <TRUSTARGS> -n <certificate nickname> \
+-i <certificate filename>
+```
-The TRUSTARGS are three strings of zero or more alphabetic
-characters, separated by commas. They define how the certificate should be trusted for SSL, email, and object signing, and are explained in the [certutil docs](http://www.mozilla.org/projects/security/pki/nss/tools/certutil.html#1034193) or [Meena's blog post on trust flags](https://blogs.oracle.com/meena/entry/notes_about_trust_flags).
+The TRUSTARGS are three strings of zero or more alphabetic characters, separated
+by commas. They define how the certificate should be trusted for SSL, email, and
+object signing, and are explained in the
+[certutil docs](http://www.mozilla.org/projects/security/pki/nss/tools/certutil.html#1034193)
+or
+[Meena's blog post on trust flags](https://blogs.oracle.com/meena/entry/notes_about_trust_flags).
-For example, to trust a root CA certificate for issuing SSL server certificates, use
+For example, to trust a root CA certificate for issuing SSL server certificates,
+use
-`certutil -d sql:$HOME/.pki/nssdb -A -t "C,," -n <certificate nickname> -i <certificate filename>`
+```shell
+certutil -d sql:$HOME/.pki/nssdb -A -t "C,," -n <certificate nickname> \
+-i <certificate filename>
+```
To import an intermediate CA certificate, use
-`certutil -d sql:$HOME/.pki/nssdb -A -t ",," -n <certificate nickname> -i <certificate filename>`
+```shell
+certutil -d sql:$HOME/.pki/nssdb -A -t ",," -n <certificate nickname> \
+-i <certificate filename>
+```
Note: to trust a self-signed server certificate, we should use
-`certutil -d sql:$HOME/.pki/nssdb -A -t "P,," -n <certificate nickname> -i <certificate filename>`
+```
+certutil -d sql:$HOME/.pki/nssdb -A -t "P,," -n <certificate nickname> \
+-i <certificate filename>
+```
-This should work now, because [NSS bug 531160](https://bugzilla.mozilla.org/show_bug.cgi?id=531160) is claimed to be fixed in a related bug report. If it doesn't work, then to work around the NSS bug, you have to trust it as a CA using the "C,," trust flags.
+This should work now, because
+[NSS bug 531160](https://bugzilla.mozilla.org/show_bug.cgi?id=531160) is claimed
+to be fixed in a related bug report. If it doesn't work, then to work around
+the NSS bug, you have to trust it as a CA using the "C,," trust flags.
-### Add a personal certificate and private key for SSL client authentication
+#### Add a personal certificate and private key for SSL client authentication
Use the command:
-`pk12util -d sql:$HOME/.pki/nssdb -i PKCS12_file.p12`
+ pk12util -d sql:$HOME/.pki/nssdb -i PKCS12_file.p12
-to import a personal certificate and private key stored in a PKCS #12 file. The TRUSTARGS of the personal certificate will be set to "u,u,u".
+to import a personal certificate and private key stored in a PKCS #12 file. The
+TRUSTARGS of the personal certificate will be set to "u,u,u".
-## Delete a certificate
+### Delete a certificate
-`certutil -d sql:$HOME/.pki/nssdb -D -n <certificate nickname>`
+ certutil -d sql:$HOME/.pki/nssdb -D -n <certificate nickname>
« no previous file with comments | « docs/linux_building_debug_gtk.md ('k') | docs/linux_chromium_arm.md » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698