Provided by: mono-devel_6.12.0.199+dfsg-2_all
NAME
mozroots - Download and import trusted root certificates from Mozilla's LXR into Mono's certificate store
SYNOPSIS
mozroots [--import [--machine] [--sync | --ask | --ask-add | --ask-remove]]
DESCRIPTION
This program downloads the trusted root certificates from the Mozilla LXR web site into the Mono certificate store. Mono by default does not ship with any default certificates and allows the user to pick its trusted certificates. The mozroots command will bring the Mozilla certificates into your local machine.
OPTIONS
--import Import the certificates into the trust store. --sync Synchronize (add/remove) the trust store with the certificates. Synchronize is useful for new Mono installations (no roots) and for automated updates (no user confirmation for addition or removal). --ask Always confirm before adding or removing trusted certificates. Note: The initial import will likely add about 100 new trusted root certificates into your store. You'll have to answer yes to every one of them if this option is specified. --ask-add Always confirm before adding a new trusted certificate. Note: The initial import will likely add about 100 new trusted root certificates into your store. You'll have to answer yes to every one of them if this option is specified. --ask-remove Always confirm before removing an existing trusted certificate.
ADVANCED OPTIONS
--url url Specify an alternative URL for downloading the trusted certificates (LXR source format). This should only be useful for testing or if the Mozilla's LXR web site address is changed. It can also be used to cache a local copy of the LXR file into your local intranet. --file name Do not download from LXR but use the specified file. This is useful if many computers have to download the same file from the Internet. This way you can keep a local copy on a file server (and minimize network traffic). --pkcs7 name Export the certificates into a PKCS#7 file. This is useful for debugging purpose or for re-importing the same list into other software. --machine Import the certificate in the machine trust store. The default is to import all trusted root certificates into the current user store. --quiet Limit console output to errors and confirmations messages. This is useful when scripting.
EXAMPLES
After the initial Mono installation you'll have no trusted roots certificates pre- installed. Neither will you have some root test certificates installed (your own or the ones provided by using setreg ). In this case the simplest thing to do, if you want to trust all those certificates, is to import and synchronize. $ mozroots --import --sync Mozilla Roots Importer - version 1.1.9.0 Download and import trusted root certificates from Mozilla's LXR. Copyright 2002, 2003 Motus Technologies. Copyright 2004-2005 Novell. BSD licensed. Downloading from 'http://lxr.mozilla.org/seamonkey/source/security/nss/lib/ckfw/builtins/certdata.txt'... Importing certificates into user store... 93 new root certificates were added to your trust store. Import process completed. If you created some test certificates (e.g. for using SSL/TLS with XSP) and/or if your enterprise requires some additional root certificates (e.g. intranet) then you may want to skip the removal part of the process. You can do this by asking for a removal confirmation (--ask-remove option) and answer no when prompted. $ mozroots --import --ask-remove Mozilla Roots Importer - version 1.1.9.0 Download and import trusted root certificates from Mozilla's LXR. Copyright 2002, 2003 Motus Technologies. Copyright 2004-2005 Novell. BSD licensed. Downloading from 'http://lxr.mozilla.org/seamonkey/source/security/nss/lib/ckfw/builtins/certdata.txt'... Importing certificates into user store... 93 new root certificates were added to your trust store. 2 previously trusted certificates were not part of the update. Issuer: CN=Mono Test Root Agency Serial number: 69-B0-E1-4F-88-6E-C7-85-48-0E-74-91-38-76-F4-28 Valid from 9/1/2003 11:55:48 AM to 12/31/2039 1:59:59 PM Thumbprint SHA-1: EF-26-C2-28-11-3F-79-ED-9D-EC-3F-3B-D5-7A-26-F2-7C-9F-FA-63 Thumbprint MD5: AE-19-3E-64-36-21-F2-A4-8B-69-38-CA-64-4B-2E-62 Are you sure you want to remove this certificate ? no You can still use the synchronize option (--sync) if you have activated the default test roots certificate on your system. They will be removed at the end of the synchronization process but you can quickly add them back with the setreg tool. $ setreg 1 true Another option to ease updates is to synchronize your machine trust store (using the --machine option) and keep your customized (test) certificates in your personal store (or vice versa). Note that every user on this computer will be trusting all the newly imported certificates. $ mozroots --import --machine --sync Mozilla Roots Importer - version 1.1.9.0 Download and import trusted root certificates from Mozilla's LXR. Copyright 2002, 2003 Motus Technologies. Copyright 2004-2005 Novell. BSD licensed. Downloading from 'http://lxr.mozilla.org/seamonkey/source/security/nss/lib/ckfw/builtins/certdata.txt'... Importing certificates into user store... 94 new root certificates were added to your trust store. Import process completed. Once the initial import is complete the number of changes (additions or removals) is generally very low. In this case it makes sense to know about any changes (i.e. ask for confirmation). No confirmation will be required if no changes are made to your trust store. $ mozroots --import --ask Mozilla Roots Importer - version 1.1.9.0 Download and import trusted root certificates from Mozilla's LXR. Copyright 2002, 2003 Motus Technologies. Copyright 2004-2005 Novell. BSD licensed. Downloading from 'http://lxr.mozilla.org/seamonkey/source/security/nss/lib/ckfw/builtins/certdata.txt'... Importing certificates into user store... Import process completed.
FILES
~/.config/.mono/certs, /usr/share/.mono/certs Contains Mono certificate stores for users / machine. See the certmgr(1) manual page for more information on managing certificate stores.
COPYRIGHT
Copyright (C) 2005 Novell.
MAILING LISTS
Mailing lists are listed at the http://www.mono-project.com/community/help/mailing-lists/
WEB SITE
http://www.mono-project.com
SEE ALSO
mono(1),certmgr(1).setreg(1) Mono(MozRoots)