diff options
Diffstat (limited to 'certutil.xml')
-rw-r--r-- | certutil.xml | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/certutil.xml b/certutil.xml index 734003a..d0e04e9 100644 --- a/certutil.xml +++ b/certutil.xml @@ -94,7 +94,7 @@ When you delete keys, be sure to also remove any certificates associated with th <varlistentry> <term>-K </term> - <listitem><para>List the keyID of keys in the key database. A keyID is the modulus of the RSA key or the publicValue of the DSA key. IDs are displayed in hexadecimal ("0x" is not shown).</para></listitem> + <listitem><para>List the key ID of keys in the key database. A key ID is the modulus of the RSA key or the publicValue of the DSA key. IDs are displayed in hexadecimal ("0x" is not shown).</para></listitem> </varlistentry> <varlistentry> @@ -414,7 +414,7 @@ the default and create a validity period of one month.</para></listitem> <varlistentry> <term>-3 </term> - <listitem><para>Add an authority keyID extension to a certificate that is being created or added to a database. This extension supports the identification of a particular certificate, from among multiple certificates associated with one subject name, as the correct issuer of a certificate. The Certificate Database Tool will prompt you to select the authority keyID extension.</para> + <listitem><para>Add an authority key ID extension to a certificate that is being created or added to a database. This extension supports the identification of a particular certificate, from among multiple certificates associated with one subject name, as the correct issuer of a certificate. The Certificate Database Tool will prompt you to select the authority key ID extension.</para> <para>X.509 certificate extensions are described in RFC 5280.</para></listitem> </varlistentry> @@ -589,7 +589,7 @@ the default and create a validity period of one month.</para></listitem> The <option>-R</option> command options requires four arguments: </para> <para> - * <option>-k</option> to specify either the key type to generate or, when renewing a certificate, the exisitng key pair to use + * <option>-k</option> to specify either the key type to generate or, when renewing a certificate, the existing key pair to use </para> <para> * <option>-g</option> to set the keysize of the key to generate @@ -661,7 +661,7 @@ qmtyQNjIi1F8c1Z+TL4uFYlMg8z6LG/J/u1E5t1QqB5e9Q4+BhRbrQjRR1JZx3tB <para> Key pairs are generated automatically with a certificate request or certificate, but they can also be generated independently using the <option>-G</option> command option. </para> -<programlisting language="Bash">certutil -G -d directory | -h tokenname -k key-type -g key-size [-y exponent-value] -q pgfile|curve-name</programlisting> +<programlisting language="Bash">certutil -G -d directory | -h tokenname -k key-type -g key-size [-y exponent-value] -q pqgfile|curve-name</programlisting> <para> For example: </para> @@ -710,7 +710,7 @@ nI7q5n1USM3eWQlVXw== <para><command>Listing Keys</command></para> <para> - Keys are the orignal material used to encrypt certificate data. The keys generated for certificates are stored separately, in the <filename>key3.db</filename> database. + Keys are the original material used to encrypt certificate data. The keys generated for certificates are stored separately, in the <filename>key3.db</filename> database. </para> <para> To list all keys in the database, use the <option>-K</option> command option and the (required) <option>-d</option> argument to give the path to the directory. @@ -791,7 +791,7 @@ certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and <para><command>Printing the Certificate Chain</command></para> <para> - Certificates can be issued in <emphasis>chains</emphasis> because every certificate authority itself has a certificate; when a CA issues a certificate, it essentially stamps that certificate with its own fingerprint. The <option>-O</option> prints the full chain of a certificate, going from the intial CA (the root CA) through ever intermediary CA to the actual certificate. For example, for an email certificate with two CAs in the chain: + Certificates can be issued in <emphasis>chains</emphasis> because every certificate authority itself has a certificate; when a CA issues a certificate, it essentially stamps that certificate with its own fingerprint. The <option>-O</option> prints the full chain of a certificate, going from the initial CA (the root CA) through ever intermediary CA to the actual certificate. For example, for an email certificate with two CAs in the chain: </para> <programlisting language="Bash">$ certutil -d . -O -n "jsmith@example.com" "Builtin Object Token:Thawte Personal Freemail CA" [E=personal-freemail@thawte.com,CN=Thawte Personal Freemail CA,OU=Certification Services Division,O=Thawte Consulting,L=Cape Town,ST=Western Cape,C=ZA] |