diff options
author | Daiki Ueno <dueno@redhat.com> | 2018-11-16 10:14:44 +0100 |
---|---|---|
committer | Daiki Ueno <dueno@redhat.com> | 2018-11-16 10:14:44 +0100 |
commit | 813d79cee3525060ede41765b8e0b12465256778 (patch) | |
tree | 5b6c803797c9f16b32d0693e4e57b781802a4a24 /doc/certutil.xml | |
parent | 62a79eaab71cdf616b9d4a7a5a18a69172b7babb (diff) | |
download | nss-hg-813d79cee3525060ede41765b8e0b12465256778.tar.gz |
Bug 1413308, document PKCS #11 URI usage in tools manual, r=rrelyea
Diffstat (limited to 'doc/certutil.xml')
-rw-r--r-- | doc/certutil.xml | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/doc/certutil.xml b/doc/certutil.xml index 01dfd013b..5c3b3501a 100644 --- a/doc/certutil.xml +++ b/doc/certutil.xml @@ -258,7 +258,8 @@ Add one or multiple extensions that certutil cannot encode yet, by loading their <varlistentry> <term>-h tokenname</term> - <listitem><para>Specify the name of a token to use or act on. If not specified the default token is the internal database slot.</para></listitem> + <listitem><para>Specify the name of a token to use or act on. If not specified the default token is the internal database slot.</para> + <para>The name can also be a PKCS #11 URI. For example, the NSS internal certificate store can be unambiguously specified as "pkcs11:token=NSS%20Certificate%20DB". For details about the format, see RFC 7512.</para></listitem> </varlistentry> <varlistentry> @@ -292,7 +293,8 @@ Add one or multiple extensions that certutil cannot encode yet, by loading their <varlistentry> <term>-n nickname</term> - <listitem><para>Specify the nickname of a certificate or key to list, create, add to a database, modify, or validate. Bracket the nickname string with quotation marks if it contains spaces.</para></listitem> + <listitem><para>Specify the nickname of a certificate or key to list, create, add to a database, modify, or validate. Bracket the nickname string with quotation marks if it contains spaces.</para> + <para>The nickname can also be a PKCS #11 URI. For example, if you have a certificate named "my-server-cert" on the internal certificate store, it can be unambiguously specified as "pkcs11:token=NSS%20Certificate%20DB;object=my-server-cert". For details about the format, see RFC 7512.</para></listitem> </varlistentry> <varlistentry> @@ -1017,9 +1019,11 @@ certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and slot: NSS User Private Key and Certificate Services token: NSS Certificate DB + uri: pkcs11:token=NSS%20Certificate%20DB;manufacturer=Mozilla%20Foundation;serial=0000000000000000;model=NSS%203 slot: NSS Internal Cryptographic Services - token: NSS Generic Crypto Services</programlisting> + token: NSS Generic Crypto Services + uri: pkcs11:token=NSS%20Generic%20Crypto%20Services;manufacturer=Mozilla%20Foundation;serial=0000000000000000;model=NSS%203</programlisting> <para><command>Adding Certificates to the Database</command></para> <para> |