Provided by: mono-devel_6.12.0.199+dfsg-2.1_all bug

NAME
       mozroots - Download and import trusted root certificates from Mozilla's LXR into Mono's certificate store


SYNOPSIS
       mozroots [--import [--machine] [--sync | --ask | --ask-add | --ask-remove]]


DESCRIPTION
       This  program  downloads  the  trusted  root  certificates  from  the  Mozilla LXR web site into the Mono
       certificate store.

       Mono by default does not ship with any default certificates and allows  the  user  to  pick  its  trusted
       certificates.  The mozroots command will bring the Mozilla certificates into your local machine.


OPTIONS
       --import
              Import the certificates into the trust store.

       --sync Synchronize  (add/remove)  the  trust  store with the certificates.  Synchronize is useful for new
              Mono installations (no roots) and for automated updates (no  user  confirmation  for  addition  or
              removal).

       --ask  Always  confirm  before  adding  or  removing trusted certificates.  Note: The initial import will
              likely add about 100 new trusted root certificates into your store. You'll have to answer  yes  to
              every one of them if this option is specified.

       --ask-add
              Always  confirm before adding a new trusted certificate.  Note: The initial import will likely add
              about 100 new trusted root certificates into your store. You'll have to answer yes to every one of
              them if this option is specified.

       --ask-remove
              Always confirm before removing an existing trusted certificate.


ADVANCED OPTIONS
       --url url
              Specify  an  alternative  URL  for  downloading the trusted certificates (LXR source format). This
              should only be useful for testing or if the Mozilla's LXR web site address is changed. It can also
              be used to cache a local copy of the LXR file into your local intranet.

       --file name
              Do  not  download  from  LXR  but use the specified file. This is useful if many computers have to
              download the same file from the Internet.  This way you can keep a local copy  on  a  file  server
              (and minimize network traffic).

       --pkcs7 name
              Export  the  certificates  into  a  PKCS#7  file.  This is useful for debugging purpose or for re-
              importing the same list into other software.

       --machine
              Import the certificate in the machine trust store. The default  is  to  import  all  trusted  root
              certificates into the current user store.

       --quiet
              Limit console output to errors and confirmations messages. This is useful when scripting.


EXAMPLES
       After  the  initial  Mono  installation you'll have no trusted roots certificates pre-installed.  Neither
       will you have some root test certificates installed (your own or the ones provided by using setreg ).  In
       this  case  the  simplest  thing  to  do,  if  you want to trust all those certificates, is to import and
       synchronize.
            $ mozroots --import --sync
            Mozilla Roots Importer - version 1.1.9.0
            Download and import trusted root certificates from Mozilla's LXR.
            Copyright 2002, 2003 Motus Technologies. Copyright 2004-2005 Novell. BSD licensed.

            Downloading from 'http://lxr.mozilla.org/seamonkey/source/security/nss/lib/ckfw/builtins/certdata.txt'...
            Importing certificates into user store...
            93 new root certificates were added to your trust store.
            Import process completed.

       If you created some test certificates (e.g. for  using  SSL/TLS  with  XSP)  and/or  if  your  enterprise
       requires  some additional root certificates (e.g. intranet) then you may want to skip the removal part of
       the process. You can do this by asking for a removal confirmation (--ask-remove  option)  and  answer  no
       when prompted.
            $ mozroots --import --ask-remove
            Mozilla Roots Importer - version 1.1.9.0
            Download and import trusted root certificates from Mozilla's LXR.
            Copyright 2002, 2003 Motus Technologies. Copyright 2004-2005 Novell. BSD licensed.

            Downloading from 'http://lxr.mozilla.org/seamonkey/source/security/nss/lib/ckfw/builtins/certdata.txt'...
            Importing certificates into user store...
            93 new root certificates were added to your trust store.
            2 previously trusted certificates were not part of the update.

            Issuer: CN=Mono Test Root Agency
            Serial number: 69-B0-E1-4F-88-6E-C7-85-48-0E-74-91-38-76-F4-28
            Valid from 9/1/2003 11:55:48 AM to 12/31/2039 1:59:59 PM
            Thumbprint SHA-1: EF-26-C2-28-11-3F-79-ED-9D-EC-3F-3B-D5-7A-26-F2-7C-9F-FA-63
            Thumbprint MD5:   AE-19-3E-64-36-21-F2-A4-8B-69-38-CA-64-4B-2E-62
            Are you sure you want to remove this certificate ? no

       You can still use the synchronize option (--sync) if you have activated
       the default test roots certificate on your system. They will be removed
       at the end of the synchronization process but you can quickly add them
       back with the
       setreg
       tool.
            $ setreg 1 true

       Another  option  to  ease updates is to synchronize your machine trust store (using the --machine option)
       and keep your customized (test) certificates in your personal store (or vice versa). Note that every user
       on this computer will be trusting all the newly imported certificates.
            $ mozroots --import --machine --sync
            Mozilla Roots Importer - version 1.1.9.0
            Download and import trusted root certificates from Mozilla's LXR.
            Copyright 2002, 2003 Motus Technologies. Copyright 2004-2005 Novell. BSD licensed.

            Downloading from 'http://lxr.mozilla.org/seamonkey/source/security/nss/lib/ckfw/builtins/certdata.txt'...
            Importing certificates into user store...
            94 new root certificates were added to your trust store.
            Import process completed.

       Once  the initial import is complete the number of changes (additions or removals) is generally very low.
       In this case it makes sense to know about any changes (i.e. ask for confirmation). No  confirmation  will
       be required if no changes are made to your trust store.
            $ mozroots --import --ask
            Mozilla Roots Importer - version 1.1.9.0
            Download and import trusted root certificates from Mozilla's LXR.
            Copyright 2002, 2003 Motus Technologies. Copyright 2004-2005 Novell. BSD licensed.

            Downloading from 'http://lxr.mozilla.org/seamonkey/source/security/nss/lib/ckfw/builtins/certdata.txt'...
            Importing certificates into user store...
            Import process completed.


FILES
       ~/.config/.mono/certs, /usr/share/.mono/certs

       Contains Mono certificate stores for users / machine. See the certmgr(1) manual page for more information
       on managing certificate stores.


COPYRIGHT
       Copyright (C) 2005 Novell.


MAILING LISTS
       Mailing lists are listed at the http://www.mono-project.com/community/help/mailing-lists/


WEB SITE
       http://www.mono-project.com


SEE ALSO
       mono(1),certmgr(1).setreg(1)

                                                                                                  Mono(MozRoots)