trust

List trust policy store items

$ trust list

$ trust list --filter=[blocklist|ca-anchors|certificates|trust-policy]

$ trust anchor [path/to/certificate.crt]

$ trust anchor --remove [path/to/certificate.crt]

$ trust extract --format=x509-directory --filter=ca-anchors [path/to/directory]

$ trust [subcommand] --help

trust {command} [options]

dump
    Outputs the current trust settings in a human-readable format.

extract
    Extracts certificates from a PKCS#11 module or other sources.

anchor
    Adds a certificate as a trust anchor (root CA).

reject
    Adds a certificate to the blacklist, preventing it from being trusted.

disable
    Disables a certificate from being trusted, but does not remove it.

enable
    Enables a certificate that was previously disabled.

show
    Displays detailed information about a specific certificate.

--help
    Displays a help message about the usage of the command and available options.

--version
    Displays the version of the trust command.

The trust command is a command-line tool used to manage the system's trust store. The trust store contains information about Certificate Authorities (CAs) and other cryptographic trust anchors, which are used to verify the authenticity of certificates presented by websites, software, and other entities. The trust command allows users to add, remove, and query trust settings, effectively controlling which CAs the system trusts.
It integrates with system-wide mechanisms for storing and retrieving trust information, such as PKCS#11 modules, and can be used to configure trust policies for different applications and services. It is crucial for establishing secure connections and ensuring that the software installed on the system is legitimate and unaltered.

The trust command often interacts with PKCS#11 modules to manage hardware security modules (HSMs) and smart cards, allowing certificates to be stored and used securely.

openssl(1)