trust
Manage the system's certificate trust store
TLDR
List trust policy store items
List information about specific items in the trust policy store
Store a specific trust anchor in the trust policy store
Remove a specific anchor from the trust policy store
Extract trust policy from the shared trust policy store
Display help for a subcommand
SYNOPSIS
trust {command} [options]
PARAMETERS
dump
Outputs the current trust settings in a human-readable format.
extract
Extracts certificates from a PKCS#11 module or other sources.
anchor
Adds a certificate as a trust anchor (root CA).
reject
Adds a certificate to the blacklist, preventing it from being trusted.
disable
Disables a certificate from being trusted, but does not remove it.
enable
Enables a certificate that was previously disabled.
show
Displays detailed information about a specific certificate.
--help
Displays a help message about the usage of the command and available options.
--version
Displays the version of the trust command.
DESCRIPTION
The trust command is a command-line tool used to manage the system's trust store. The trust store contains information about Certificate Authorities (CAs) and other cryptographic trust anchors, which are used to verify the authenticity of certificates presented by websites, software, and other entities. The trust command allows users to add, remove, and query trust settings, effectively controlling which CAs the system trusts.
It integrates with system-wide mechanisms for storing and retrieving trust information, such as PKCS#11 modules, and can be used to configure trust policies for different applications and services. It is crucial for establishing secure connections and ensuring that the software installed on the system is legitimate and unaltered.
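Because the store decides which CAs the system trusts, a routine check is to compare the current anchors against a reviewed list. The script below is an added example, not part of the original page or of the trust tool. It assumes `trust list` prints each item as a `pkcs11:` URI followed by indented `label:`, `trust:` and `category:` fields; the sample data, function names and baseline file are constructed for illustration.

```shell
# Added example (not from the page): flag CA anchors missing from a reviewed baseline.
# Constructed sample in the layout of `trust list`; URIs and labels are made up.
sample_trust_list() {
cat <<'EOF'
pkcs11:id=%01%02;type=cert
    type: certificate
    label: Example Root CA 1
    trust: anchor
    category: authority
pkcs11:id=%03%04;type=cert
    type: certificate
    label: Example Intermediate CA
    trust: unspecified
    category: authority
pkcs11:id=%05%06;type=cert
    type: certificate
    label: Example Unreviewed Root
    trust: anchor
    category: authority
EOF
}

# Read `trust list` output on stdin; print the sorted label of every CA anchor.
list_ca_anchors() {
    awk '
        function emit() {
            if (trust == "anchor" && category == "authority") print label
            label = ""; trust = ""; category = ""
        }
        /^pkcs11:/ { emit(); next }      # a new item starts: flush the previous one
        {
            sub(/^[ \t]+/, "")           # strip the field indentation
            if ($0 ~ /^label: /)    label = substr($0, 8)
            if ($0 ~ /^trust: /)    trust = substr($0, 8)
            if ($0 ~ /^category: /) category = substr($0, 11)
        }
        END { emit() }
    ' | sort -u
}

# $1: baseline file (hypothetical), one approved anchor label per line.
# Prints anchors seen on stdin that the baseline lacks; "none found" is success.
unexpected_anchors() {
    list_ca_anchors | grep -Fxv -f "$1" || [ "$?" -eq 1 ]
}

# Demo on the sample; on a live host: trust list | unexpected_anchors FILE
baseline=$(mktemp)
printf '%s\n' 'Example Root CA 1' > "$baseline"
sample_trust_list | unexpected_anchors "$baseline"
rm -f "$baseline"
```

Labels are not unique identifiers, so a match on label alone is a first-pass signal; confirm any flagged anchor by inspecting the certificate itself.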
PKCS#11 INTEGRATION
The trust command often interacts with PKCS#11 modules to manage hardware security modules (HSMs) and smart cards, allowing certificates to be stored and used securely.
SEE ALSO
openssl(1)