LinuxCommandLibrary

trust

Manage system's certificate trust store

TLDR

List trust policy store items

$ trust list

List information about specific items in the trust policy store
$ trust list --filter=[blocklist|ca-anchors|certificates|trust-policy]

Store a specific trust anchor in the trust policy store
$ trust anchor [path/to/certificate.crt]

Remove a specific anchor from the trust policy store
$ trust anchor --remove [path/to/certificate.crt]

Extract trust policy from the shared trust policy store
$ trust extract --format=x509-directory --filter=ca-anchors [path/to/directory]

Display help for a subcommand
$ trust [subcommand] --help

SYNOPSIS

trust {command} [options]

PARAMETERS

dump
    Outputs the current trust settings in a human-readable format.

extract
    Extracts certificates from a PKCS#11 module or other sources.

anchor
    Adds a certificate as a trust anchor (root CA).

reject
    Adds a certificate to the blacklist, preventing it from being trusted.

disable
    Disables a certificate from being trusted, but does not remove it.

enable
    Enables a certificate that was previously disabled.

show
    Displays detailed information about a specific certificate.

--help
    Displays a help message about the usage of the command and available options.

--version
    Displays the version of the trust command.

DESCRIPTION

The trust command is a command-line tool used to manage the system's trust store. The trust store contains information about Certificate Authorities (CAs) and other cryptographic trust anchors, which are used to verify the authenticity of certificates presented by websites, software, and other entities. The trust command allows users to add, remove, and query trust settings, effectively controlling which CAs the system trusts.
It integrates with system-wide mechanisms for storing and retrieving trust information, such as PKCS#11 modules, and can be used to configure trust policies for different applications and services. It is crucial for establishing secure connections and ensuring that the software installed on the system is legitimate and unaltered.
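
Because the trust store decides which CAs the system accepts, it is worth auditing for anchors nobody intended to add. The following is an added example, not part of the original page or of the trust tool's own code: it parses `trust list` output and reports anchors that are absent from a baseline of known-good `pkcs11:` URIs. The function names, the baseline file format and the sample listing are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the page). Assumption: `trust list` prints one
# "pkcs11:..." line per item followed by indented "label:" and "trust:" fields.

# Constructed sample listing so the functions can be exercised offline.
sample_listing() {
    cat <<'EOF'
pkcs11:id=%AA%01;type=cert
    type: certificate
    label: Example Root CA (constructed)
    trust: anchor
    category: authority

pkcs11:id=%BB%02;type=cert
    type: certificate
    label: Example Distrusted CA (constructed)
    trust: distrusted
    category: authority

pkcs11:id=%CC%03;type=cert
    type: certificate
    label: Locally Added Root (constructed)
    trust: anchor
    category: authority
EOF
}

# Read a listing on stdin; print "URI<TAB>label" for items with trust: anchor.
parse_anchors() {
    awk '
        function emit() { if (uri != "" && trust == "anchor") print uri "\t" label }
        /^pkcs11:/   { emit(); uri = $0; label = ""; trust = ""; next }
        /^ +label:/  { sub(/^ +label: */, ""); label = $0; next }
        /^ +trust:/  { sub(/^ +trust: */, ""); trust = $0; next }
        END          { emit() }
    '
}

# $1 = baseline file (one pkcs11: URI per line). Prints anchors not listed in it.
# FILENAME is compared instead of NR==FNR so an empty baseline flags everything.
unexpected_anchors() {
    awk -F '\t' 'FILENAME == ARGV[1] { known[$0] = 1; next } !($1 in known)' "$1" -
}

# Live audit: only runs when a baseline path is passed as the first argument.
audit_trust_store() {
    trust list --filter=ca-anchors | parse_anchors | unexpected_anchors "$1"
}
if [ -n "${1:-}" ]; then audit_trust_store "$1"; fi
```

A baseline can be recorded on a known-good host with `trust list --filter=ca-anchors | parse_anchors | cut -f1`.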

PKCS#11 INTEGRATION

The trust command often interacts with PKCS#11 modules to manage hardware security modules (HSMs) and smart cards, allowing certificates to be stored and used securely.

SEE ALSO

openssl(1)
