Configuring The Server Certificate Use Preferences - Red Hat CERTIFICATE SYSTEM 7.2 - ADMINISTRATION Administration Manual

5. A prompt opens which reads The Certificate chain is (un)trusted, are you sure you want to
(un)trust it?
Clicking yes changes the trust setting of the certificate chain; pressing no preserves the original
trust relationship.
10.4.4.2. Changing Trust Settings Using certutil
To change the trust setting of a certificate using certutil, do the following:
1. Open the instance's certificate databases directory.
cd /var/lib/instance_ID/alias
2. List the certificates in the database by running the certutil with the -L option. For example:
certutil -L -d .
Certificate Authority - Example Domain
subsystemCert cert-subsystem
Server-Cert cert-example
3. Change the trust settings for the certificate by running the certutil with the -M option.
certutil -M -n cert_nickname -t trust -d .
For example:
certutil -M -n "Certificate Authority - Example Domain" -t TCu,TCu,TCu -d .
4. List the certificates again to confirm that the certificate trust was changed.
certutil -L -d .
Certificate Authority - Example Domain
subsystemCert cert-subsystem
Server-Cert cert-example
For information about using the certutil command, see
nss/tools/certutil.html.

10.5. Configuring the Server Certificate Use Preferences

Configuring a Certificate System manager's security preferences involves identifying the following:
• The SSL client certificate a Certificate Manager must use for authenticating to the publishing
directory if the Certificate Manager is configured to publish certificates and CRLs to the directory.
• Whether bridged or cross-pair certificates are used and that they are properly installed.
Configuring the Server Certificate Use Preferences
CT,c,
u,u,u
u,u,u
CTu,CTu,CTu
u,u,u
u,u,u
http://www.mozilla.org/projects/security/pki/
229