3.3. 管理信任的系统证书
trust 命令提供了一种便捷的方式,来管理共享的系统范围信任存储中的证书。
要列出、提取、添加、删除或修改信任锚,请使用
trust命令。要查看这个命令的内置帮助信息,请不要输入任何参数,或使用--help指令:$ trust usage: trust command <args>... Common trust commands are: list List trust or certificates extract Extract certificates and trust extract-compat Extract trust compatibility bundles anchor Add, remove, change trust anchors dump Dump trust objects in internal format See 'trust <command> --help' for more information要列出所有系统信任锚和证书,请使用
trust list命令:$ trust list pkcs11:id=%d2%87%b4%e3%df%37%27%93%55%f6%56%ea%81%e5%36%cc%8c%1e%3f%bd;type=cert type: certificate label: ACCVRAIZ1 trust: anchor category: authority pkcs11:id=%a6%b3%e1%2b%2b%49%b6%d7%73%a1%aa%94%f5%01%e7%73%65%4c%ac%50;type=cert type: certificate label: ACEDICOM Root trust: anchor category: authority ...要将信任锚存储在系统范围的信任存储中,请使用
trust anchor子命令,并指定证书的路径。将 <path.to/certificate.crt> 替换为证书的路径及其文件名:# trust anchor <path.to/certificate.crt>要删除证书,请使用证书的路径或证书的 ID:
# trust anchor --remove <path.to/certificate.crt> # trust anchor --remove "pkcs11:id=<%AA%BB%CC%DD%EE>;type=cert"
其他资源
trust命令的所有子命令都提供了详细的内置帮助,例如。$ trust list --help usage: trust list --filter=<what> --filter=<what> filter of what to export ca-anchors certificate anchors ... --purpose=<usage> limit to certificates usable for the purpose server-auth for authenticating servers ...
其他资源
-
update-ca-trust(8)和trust(1)手册页
