vfychain - Online in the Cloud

This is the command vfychain that can be run in the OnWorks free hosting provider using one of our multiple free online workstations such as Ubuntu Online, Fedora Online, Windows online emulator or MAC OS online emulator

PROGRAM:

NAME


vfychain_ - vfychain [options] [revocation options] certfile [[options] certfile] ...

SYNOPSIS


vfychain

STATUS


This documentation is still work in progress. Please contribute to the initial review in
Mozilla NSS bug 836477[1]

DESCRIPTION


The verification Tool, vfychain, verifies certificate chains. modutil can add and delete
PKCS #11 modules, change passwords on security databases, set defaults, list module
contents, enable or disable slots, enable or disable FIPS 140-2 compliance, and assign
default providers for cryptographic operations. This tool can also create certificate,
key, and module security database files.

The tasks associated with security module database management are part of a process that
typically also involves managing key databases and certificate databases.

OPTIONS


-a
the following certfile is base64 encoded

-b YYMMDDHHMMZ
Validate date (default: now)

-d directory
database directory

-f
Enable cert fetching from AIA URL

-o oid
Set policy OID for cert validation(Format OID.1.2.3)

-p
Use PKIX Library to validate certificate by calling:

* CERT_VerifyCertificate if specified once,

* CERT_PKIXVerifyCert if specified twice and more.

-r
Following certfile is raw binary DER (default)

-t
Following cert is explicitly trusted (overrides db trust)

-u usage
0=SSL client, 1=SSL server, 2=SSL StepUp, 3=SSL CA, 4=Email signer, 5=Email recipient,
6=Object signer, 9=ProtectedObjectSigner, 10=OCSP responder, 11=Any CA

-T
Trust both explicit trust anchors (-t) and the database. (Without this option, the
default is to only trust certificates marked -t, if there are any, or to trust the
database if there are certificates marked -t.)

-v
Verbose mode. Prints root cert subject(double the argument for whole root cert info)

-w password
Database password

-W pwfile
Password file

Revocation options for PKIX API (invoked with -pp options) is a collection of the
following flags: [-g type [-h flags] [-m type [-s flags]] ...] ...

Where:

-g test-type
Sets status checking test type. Possible values are "leaf" or "chain"

-g test type
Sets status checking test type. Possible values are "leaf" or "chain".

-h test flags
Sets revocation flags for the test type it follows. Possible flags:
"testLocalInfoFirst" and "requireFreshInfo".

-m method type
Sets method type for the test type it follows. Possible types are "crl" and "ocsp".

-s method flags
Sets revocation flags for the method it follows. Possible types are "doNotUse",
"forbidFetching", "ignoreDefaultSrc", "requireInfo" and "failIfNoInfo".

ADDITIONAL RESOURCES


For information about NSS and other tools related to NSS (like JSS), check out the NSS
project wiki at http://www.mozilla.org/projects/security/pki/nss/. The NSS site relates
directly to NSS code changes and releases.

Mailing lists: https://lists.mozilla.org/listinfo/dev-tech-crypto

IRC: Freenode at #dogtag-pki

AUTHORS


The NSS tools were written and maintained by developers with Netscape, Red Hat, Sun,
Oracle, Mozilla, and Google.

Authors: Elio Maldonado <emaldona@redhat.com>, Deon Lackey <dlackey@redhat.com>.

Use vfychain online using onworks.net services



Latest Linux & Windows online programs