This is the command crlutil that can be run in the OnWorks free hosting provider using one of our multiple free online workstations such as Ubuntu Online, Fedora Online, Windows online emulator or MAC OS online emulator.
PROGRAM:
NAME
crlutil - List, generate, modify, or delete CRLs within the NSS security database file(s), and list, create, modify, or delete certificate entries in a particular CRL.
SYNOPSIS
crlutil [options] [[arguments]]
STATUS
This documentation is still a work in progress. Please contribute to the initial review in Mozilla NSS bug 836477[1]
DESCRIPTION
The Certificate Revocation List (CRL) Management Tool, crlutil, is a command-line utility that can list, generate, modify, or delete CRLs within the NSS security database file(s), and list, create, modify, or delete certificate entries in a particular CRL.
The key and certificate management process generally begins with creating keys in the key database, then generating and managing certificates in the certificate database (see the certutil tool), and continues with certificate expiration or revocation.
This document discusses certificate revocation list management. For information on security module database management, see Using the Security Module Database Tool. For information on certificate and key database management, see Using the Certificate Database Tool.
To run the Certificate Revocation List Management Tool, type the command
crlutil option [arguments]
where options and arguments are combinations of the options and arguments listed in the following section. Each command takes one option. Each option may take zero or more arguments. To see a usage string, issue the command without options, or with the -H option.
OPTIONS AND ARGUMENTS
Options
Options specify an action. Option arguments modify an action. The options and arguments for the crlutil command are defined as follows:
-D
Delete a Certificate Revocation List from the cert database.
-E
Erase all CRLs of the specified type from the cert database.
-G
Create a new Certificate Revocation List (CRL).
-I
Import a CRL into the cert database.
-L
List existing CRLs located in the cert database file.
-M
Modify an existing CRL, which can be located in the cert db or in an arbitrary file. If located in a file, it should be encoded in ASN.1 encoding format.
-S
Show the contents of a CRL file which is not stored in the database.
Arguments
Option arguments modify an action.
-a
Use ASCII format or allow the use of ASCII format for input and output. This formatting follows RFC #1113.
-B
Bypass CA signature checks.
-c crl-gen-file
Specify the script file that will be used to control CRL generation/modification. See the crl-script-file format below. If option -M|-G is used and -c crl-script-file is not specified, crlutil will read script data from standard input.
-d directory
Specify the database directory containing the certificate and key database files. On Unix the Certificate Database Tool defaults to $HOME/.netscape (that is, ~/.netscape). On Windows NT the default is the current directory.
The NSS database files must reside in the same directory.
-f password-file
Specify a file that will automatically supply the password to include in a certificate or to access a certificate database. This is a plain-text file containing one password. Be sure to prevent unauthorized access to this file.
-i crl-file
Specify the file which contains the CRL to import or show.
-l algorithm-name
Specify a specific signature algorithm. List of possible algorithms: MD2 | MD4 | MD5 | SHA1 | SHA256 | SHA384 | SHA512
-n nickname
Specify the nickname of a certificate or key to list, create, add to a database, modify, or validate. Bracket the nickname string with quotation marks if it contains spaces.
-o output-file
Specify the output file name for the new CRL. Bracket the output-file string with quotation marks if it contains spaces. If this argument is not used, the output destination defaults to standard output.
-P dbprefix
Specify the prefix used on the NSS security database files (for example, my_cert8.db and my_key3.db). This option is provided as a special case. Changing the names of the certificate and key databases is not recommended.
-t crl-type
Specify the type of CRL. Possible types are: 0 - SEC_KRL_TYPE, 1 - SEC_CRL_TYPE. This option is obsolete.
-u url
Specify the URL.
-w pwd-string
Provide the db password on the command line.
-Z algorithm
Specify the hash algorithm to use for signing the CRL.
CRL GENERATION SCRIPT SYNTAX
The CRL generation script file has the following syntax:
* A line with comments should have # as the first symbol of the line
* Set the "this update" or "next update" CRL fields:
update=YYYYMMDDhhmmssZ nextupdate=YYYYMMDDhhmmssZ
The "next update" field is optional. Time should be in GeneralizedTime format (YYYYMMDDhhmmssZ). For example: 20050204153000Z
* Add an extension to a CRL or a CRL certificate entry:
addext extension-name critical/non-critical [arg1[arg2 ...]]
Where:
extension-name: string value of the name of a known extension. critical/non-critical: is 1 when the extension is critical and 0 otherwise. arg1, arg2: extension parameters specific to the extension type.
addext uses the range that was set earlier by addcert and will install the extension on every cert entry within the range.
* Add certificate entry(s) to a CRL:
addcert range date
range: two integer values separated by a dash, giving the range of certificates that will be added by this command. The dash is used as a delimiter. Only one cert will be added if there is no delimiter. date: revocation date of a cert. The date should be represented in GeneralizedTime format (YYYYMMDDhhmmssZ).
* Remove certificate entry(s) from a CRL
rmcert range
Where:
range: two integer values separated by a dash, giving the range of certificates this command applies to. The dash is used as a delimiter. Only one cert is affected if there is no delimiter.
* Change the range of certificate entry(s) in a CRL
range new-range
Where:
new-range: two integer values separated by a dash, giving the range of certificates this command applies to. The dash is used as a delimiter. Only one cert is affected if there is no delimiter.
Implemented Extensions
The extensions defined for CRLs provide methods for associating additional attributes with CRLs or their entries. For more information see RFC #3280.
* Add the Authority Key Identifier extension:
The authority key identifier extension provides a means of identifying the public key corresponding to the private key used to sign a CRL.
authKeyId critical [key-id | dn cert-serial]
Where:
authKeyId: identifies the name of the extension. critical: value of 1 or 0. Should be set to 1 if this extension is critical, or 0 otherwise. key-id: key identifier represented as an octet string. dn: the CA distinguished name. cert-serial: authority certificate serial number.
* Add the Issuer Alternative Name extension:
The issuer alternative names extension allows additional identities to be associated with the issuer of the CRL. Defined options include an rfc822 name (electronic mail address), a DNS name, an IP address, and a URI.
issuerAltNames non-critical name-list
Where:
issuerAltNames: identifies the name of the extension. non-critical: should be set to 0 since this is a non-critical extension. name-list: comma-separated list of names.
* Add the CRL Number extension:
The CRL number is a non-critical CRL extension which conveys a monotonically increasing sequence number for a given CRL scope and CRL issuer. This extension allows users to easily determine when a particular CRL supersedes another CRL.
crlNumber non-critical number
Where:
crlNumber: identifies the name of the extension. non-critical: should be set to 0 since this is a non-critical extension. number: value of type long which identifies the sequential number of a CRL.
* Add the Revocation Reason Code extension:
The reasonCode is a non-critical CRL entry extension that identifies the reason for the certificate revocation.
reasonCode non-critical code
Where:
reasonCode: identifies the name of the extension. non-critical: should be set to 0 since this is a non-critical extension. code: the following codes are available:
unspecified (0), keyCompromise (1), cACompromise (2), affiliationChanged (3), superseded (4), cessationOfOperation (5), certificateHold (6), removeFromCRL (8), privilegeWithdrawn (9), aACompromise (10)
* Add the Invalidity Date extension:
The invalidity date is a non-critical CRL entry extension that provides the date on which it is known or suspected that the private key was compromised or that the certificate otherwise became invalid.
invalidityDate non-critical date
Where:
invalidityDate: identifies the name of the extension. non-critical: should be set to 0 since this is a non-critical extension. date: invalidity date of a cert. The date should be represented in GeneralizedTime format (YYYYMMDDhhmmssZ).
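The script syntax and extension rules above can be checked before a script is handed to crlutil -G or -M. The following linter is an added example, not part of the original page or of NSS; the function names (is_gentime, check_ext, lint) are hypothetical, and it assumes whitespace-separated tokens, with update= and nextupdate= either on one line or on separate lines.

```python
import re
from datetime import datetime

REASON_CODES = {0, 1, 2, 3, 4, 5, 6, 8, 9, 10}   # codes listed on this page
ENTRY_EXTS = {"reasonCode", "invalidityDate"}     # described as CRL entry extensions
NON_CRITICAL = ENTRY_EXTS | {"issuerAltNames", "crlNumber"}  # documented as "set to 0"

def is_gentime(value):
    """True for a real calendar time written as YYYYMMDDhhmmssZ."""
    try:
        return bool(datetime.strptime(value, "%Y%m%d%H%M%SZ")) and len(value) == 15
    except ValueError:
        return False

def check_ext(args, have_range):
    """Messages for one 'addext name criticality [arg]' line."""
    if len(args) < 2 or args[1] not in ("0", "1"):
        return ["addext: need extension name and criticality 0 or 1"]
    name, crit, arg = args[0], args[1], (args[2:] or [""])[0]
    out = []
    if name in NON_CRITICAL and crit != "0":
        out.append(name + ": must be non-critical (0)")
    if name in ENTRY_EXTS and not have_range:
        out.append(name + ": no addcert range set earlier")
    if name == "reasonCode" and not (arg.isdecimal() and int(arg) in REASON_CODES):
        out.append("reasonCode: code not in the documented list")
    if name == "invalidityDate" and not is_gentime(arg):
        out.append("invalidityDate: bad GeneralizedTime")
    return out

def lint(script):
    """Return (line_number, message) pairs for the text of a crl-gen-file."""
    problems, have_range = [], False
    for no, raw in enumerate(script.splitlines(), 1):
        # Blank lines and '#' comment lines match none of the branches below.
        cmd, *args = raw.split() or [""]
        if cmd.startswith(("update=", "nextupdate=")):
            if not all(is_gentime(w.partition("=")[2]) for w in [cmd, *args]):
                problems.append((no, "bad GeneralizedTime"))
        elif cmd in ("addcert", "rmcert", "range"):
            if not (args and re.fullmatch(r"\d+(-\d+)?", args[0])):
                problems.append((no, cmd + ": bad range"))
            elif cmd == "addcert":
                have_range = True
                if len(args) != 2 or not is_gentime(args[1]):
                    problems.append((no, "addcert: bad revocation date"))
        elif cmd == "addext":
            problems += [(no, msg) for msg in check_ext(args, have_range)]
    return problems
```

Pass the full text of the script file to lint(); an empty list means none of the checked rules were violated, not that crlutil will accept the script.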
USAGE
The Certificate Revocation List Management Tool's capabilities are grouped as follows, using these combinations of options and arguments. Options and arguments in square brackets are optional; those without square brackets are required.
See "Implemented Extensions" for more information regarding extensions and their parameters.
* Creating or modifying a CRL:
crlutil -G|-M -c crl-gen-file -n nickname [-i crl] [-u url] [-d keydir] [-P dbprefix] [-l alg] [-a] [-B]
* Listing all CRLs or a named CRL:
crlutil -L [-n crl-name] [-d keydir]
* Deleting a CRL from the db:
crlutil -D -n nickname [-d keydir] [-P dbprefix]
* Erasing CRLs from the db:
crlutil -E [-d keydir] [-P dbprefix]
* Importing a CRL from a file:
crlutil -I -i crl [-t crlType] [-u url] [-d keydir] [-P dbprefix] [-B]