docs/NixOS/security/pki/index.html

5553 lines
76 KiB
HTML
Raw Normal View History

2024-07-24 19:14:02 +00:00
<!doctype html>
<html lang="en" class="no-js">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width,initial-scale=1">
<meta name="description" content="Aux Documentation">
<meta name="author" content="Nixpkgs Aux, and Lix Contributors">
<link rel="canonical" href="https://docs.auxolotl.org/NixOS/security/pki/">
<link rel="prev" href="../pam/">
<link rel="next" href="../please/">
<link rel="icon" href="../../../assets/aux-logo.svg">
<meta name="generator" content="mkdocs-1.6.0, mkdocs-material-9.5.29">
<title>Pki - Aux Docs</title>
<link rel="stylesheet" href="../../../assets/stylesheets/main.76a95c52.min.css">
<link rel="stylesheet" href="../../../assets/stylesheets/palette.06af60db.min.css">
<link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
<link rel="stylesheet" href="https://fonts.bunny.net/css?family=IBM+Plex+Sans:300,300i,400,400i,700,700i%7CIBM+Plex+Mono:400,400i,700,700i&display=fallback">
<style>:root{--md-text-font:"IBM Plex Sans";--md-code-font:"IBM Plex Mono"}</style>
<script>__md_scope=new URL("../../..",location),__md_hash=e=>[...e].reduce((e,_)=>(e<<5)-e+_.charCodeAt(0),0),__md_get=(e,_=localStorage,t=__md_scope)=>JSON.parse(_.getItem(t.pathname+"."+e)),__md_set=(e,_,t=localStorage,a=__md_scope)=>{try{t.setItem(a.pathname+"."+e,JSON.stringify(_))}catch(e){}}</script>
<meta property="og:type" content="website" >
<meta property="og:title" content="Pki - Aux Docs" >
<meta property="og:description" content="Aux Documentation" >
<meta property="og:image" content="https://docs.auxolotl.org/assets/images/social/NixOS/security/pki.png" >
<meta property="og:image:type" content="image/png" >
<meta property="og:image:width" content="1200" >
<meta property="og:image:height" content="630" >
<meta property="og:url" content="https://docs.auxolotl.org/NixOS/security/pki/" >
<meta name="twitter:card" content="summary_large_image" >
<meta name="twitter:title" content="Pki - Aux Docs" >
<meta name="twitter:description" content="Aux Documentation" >
<meta name="twitter:image" content="https://docs.auxolotl.org/assets/images/social/NixOS/security/pki.png" >
</head>
<body dir="ltr" data-md-color-scheme="default" data-md-color-primary="indigo" data-md-color-accent="blue">
<input class="md-toggle" data-md-toggle="drawer" type="checkbox" id="__drawer" autocomplete="off">
<input class="md-toggle" data-md-toggle="search" type="checkbox" id="__search" autocomplete="off">
<label class="md-overlay" for="__drawer"></label>
<div data-md-component="skip">
<a href="#securitypkicacertificateblacklist" class="md-skip">
Skip to content
</a>
</div>
<div data-md-component="announce">
</div>
<header class="md-header" data-md-component="header">
<nav class="md-header__inner md-grid" aria-label="Header">
<a href="../../.." title="Aux Docs" class="md-header__button md-logo" aria-label="Aux Docs" data-md-component="logo">
<img src="../../../assets/aux-logo.svg" alt="logo">
</a>
<label class="md-header__button md-icon" for="__drawer">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M3 6h18v2H3V6m0 5h18v2H3v-2m0 5h18v2H3v-2Z"/></svg>
</label>
<div class="md-header__title" data-md-component="header-title">
<div class="md-header__ellipsis">
<div class="md-header__topic">
<span class="md-ellipsis">
Aux Docs
</span>
</div>
<div class="md-header__topic" data-md-component="header-topic">
<span class="md-ellipsis">
Pki
</span>
</div>
</div>
</div>
<form class="md-header__option" data-md-component="palette">
<input class="md-option" data-md-color-media="(prefers-color-scheme: light)" data-md-color-scheme="default" data-md-color-primary="indigo" data-md-color-accent="blue" aria-label="Dark Mode" type="radio" name="__palette" id="__palette_0">
<label class="md-header__button md-icon" title="Dark Mode" for="__palette_1" hidden>
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="m17.75 4.09-2.53 1.94.91 3.06-2.63-1.81-2.63 1.81.91-3.06-2.53-1.94L12.44 4l1.06-3 1.06 3 3.19.09m3.5 6.91-1.64 1.25.59 1.98-1.7-1.17-1.7 1.17.59-1.98L15.75 11l2.06-.05L18.5 9l.69 1.95 2.06.05m-2.28 4.95c.83-.08 1.72 1.1 1.19 1.85-.32.45-.66.87-1.08 1.27C15.17 23 8.84 23 4.94 19.07c-3.91-3.9-3.91-10.24 0-14.14.4-.4.82-.76 1.27-1.08.75-.53 1.93.36 1.85 1.19-.27 2.86.69 5.83 2.89 8.02a9.96 9.96 0 0 0 8.02 2.89m-1.64 2.02a12.08 12.08 0 0 1-7.8-3.47c-2.17-2.19-3.33-5-3.49-7.82-2.81 3.14-2.7 7.96.31 10.98 3.02 3.01 7.84 3.12 10.98.31Z"/></svg>
</label>
<input class="md-option" data-md-color-media="(prefers-color-scheme: dark)" data-md-color-scheme="slate" data-md-color-primary="indigo" data-md-color-accent="blue" aria-label="Light Mode" type="radio" name="__palette" id="__palette_1">
<label class="md-header__button md-icon" title="Light Mode" for="__palette_0" hidden>
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M12 7a5 5 0 0 1 5 5 5 5 0 0 1-5 5 5 5 0 0 1-5-5 5 5 0 0 1 5-5m0 2a3 3 0 0 0-3 3 3 3 0 0 0 3 3 3 3 0 0 0 3-3 3 3 0 0 0-3-3m0-7 2.39 3.42C13.65 5.15 12.84 5 12 5c-.84 0-1.65.15-2.39.42L12 2M3.34 7l4.16-.35A7.2 7.2 0 0 0 5.94 8.5c-.44.74-.69 1.5-.83 2.29L3.34 7m.02 10 1.76-3.77a7.131 7.131 0 0 0 2.38 4.14L3.36 17M20.65 7l-1.77 3.79a7.023 7.023 0 0 0-2.38-4.15l4.15.36m-.01 10-4.14.36c.59-.51 1.12-1.14 1.54-1.86.42-.73.69-1.5.83-2.29L20.64 17M12 22l-2.41-3.44c.74.27 1.55.44 2.41.44.82 0 1.63-.17 2.37-.44L12 22Z"/></svg>
</label>
</form>
<script>var media,input,key,value,palette=__md_get("__palette");if(palette&&palette.color){"(prefers-color-scheme)"===palette.color.media&&(media=matchMedia("(prefers-color-scheme: light)"),input=document.querySelector(media.matches?"[data-md-color-media='(prefers-color-scheme: light)']":"[data-md-color-media='(prefers-color-scheme: dark)']"),palette.color.media=input.getAttribute("data-md-color-media"),palette.color.scheme=input.getAttribute("data-md-color-scheme"),palette.color.primary=input.getAttribute("data-md-color-primary"),palette.color.accent=input.getAttribute("data-md-color-accent"));for([key,value]of Object.entries(palette.color))document.body.setAttribute("data-md-color-"+key,value)}</script>
<label class="md-header__button md-icon" for="__search">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0 1 16 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.516 6.516 0 0 1 9.5 16 6.5 6.5 0 0 1 3 9.5 6.5 6.5 0 0 1 9.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5Z"/></svg>
</label>
<div class="md-search" data-md-component="search" role="dialog">
<label class="md-search__overlay" for="__search"></label>
<div class="md-search__inner" role="search">
<form class="md-search__form" name="search">
<input type="text" class="md-search__input" name="query" aria-label="Search" placeholder="Search" autocapitalize="off" autocorrect="off" autocomplete="off" spellcheck="false" data-md-component="search-query" required>
<label class="md-search__icon md-icon" for="__search">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0 1 16 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.516 6.516 0 0 1 9.5 16 6.5 6.5 0 0 1 3 9.5 6.5 6.5 0 0 1 9.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5Z"/></svg>
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M20 11v2H8l5.5 5.5-1.42 1.42L4.16 12l7.92-7.92L13.5 5.5 8 11h12Z"/></svg>
</label>
<nav class="md-search__options" aria-label="Search">
<button type="reset" class="md-search__icon md-icon" title="Clear" aria-label="Clear" tabindex="-1">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M19 6.41 17.59 5 12 10.59 6.41 5 5 6.41 10.59 12 5 17.59 6.41 19 12 13.41 17.59 19 19 17.59 13.41 12 19 6.41Z"/></svg>
</button>
</nav>
</form>
<div class="md-search__output">
<div class="md-search__scrollwrap" tabindex="0" data-md-scrollfix>
<div class="md-search-result" data-md-component="search-result">
<div class="md-search-result__meta">
Initializing search
</div>
<ol class="md-search-result__list" role="presentation"></ol>
</div>
</div>
</div>
</div>
</div>
<div class="md-header__source">
<a href="https://git.auxolotl.org/auxolotl/docs" title="Go to repository" class="md-source" data-md-component="source">
<div class="md-source__icon md-icon">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M16.777 0a2.9 2.9 0 1 1-2.529 4.322H12.91a4.266 4.266 0 0 0-4.265 4.195v2.118a7.076 7.076 0 0 1 4.147-1.42l.118-.002h1.338a2.9 2.9 0 0 1 5.43 1.422 2.9 2.9 0 0 1-5.43 1.422H12.91a4.266 4.266 0 0 0-4.265 4.195v2.319A2.9 2.9 0 0 1 7.222 24 2.9 2.9 0 0 1 5.8 18.57V8.589a7.109 7.109 0 0 1 6.991-7.108l.118-.001h1.338A2.9 2.9 0 0 1 16.778 0ZM7.223 19.905a1.194 1.194 0 1 0 0 2.389 1.194 1.194 0 0 0 0-2.389Zm9.554-10.464a1.194 1.194 0 1 0 0 2.389 1.194 1.194 0 0 0 0-2.39Zm0-7.735a1.194 1.194 0 1 0 0 2.389 1.194 1.194 0 0 0 0-2.389Z"/></svg>
</div>
<div class="md-source__repository">
auxolotl/docs
</div>
</a>
</div>
</nav>
</header>
<div class="md-container" data-md-component="container">
<nav class="md-tabs" aria-label="Tabs" data-md-component="tabs">
<div class="md-grid">
<ul class="md-tabs__list">
<li class="md-tabs__item">
<a href="../../.." class="md-tabs__link">
Aux Documentation Hub
</a>
</li>
<li class="md-tabs__item">
<a href="../../../TODO/" class="md-tabs__link">
TODO
</a>
</li>
<li class="md-tabs__item">
<a href="../../../Aux/" class="md-tabs__link">
Aux
</a>
</li>
<li class="md-tabs__item">
<a href="../../../Lix/" class="md-tabs__link">
Lix
</a>
</li>
<li class="md-tabs__item md-tabs__item--active">
<a href="../../appstream/" class="md-tabs__link">
NixOS
</a>
</li>
<li class="md-tabs__item">
<a href="../../../Nixpkgs/" class="md-tabs__link">
Nixpkgs
</a>
</li>
</ul>
</div>
</nav>
<main class="md-main" data-md-component="main">
<div class="md-main__inner md-grid">
<div class="md-sidebar md-sidebar--primary" data-md-component="sidebar" data-md-type="navigation" >
<div class="md-sidebar__scrollwrap">
<div class="md-sidebar__inner">
<nav class="md-nav md-nav--primary md-nav--lifted" aria-label="Navigation" data-md-level="0">
<label class="md-nav__title" for="__drawer">
<a href="../../.." title="Aux Docs" class="md-nav__button md-logo" aria-label="Aux Docs" data-md-component="logo">
<img src="../../../assets/aux-logo.svg" alt="logo">
</a>
Aux Docs
</label>
<div class="md-nav__source">
<a href="https://git.auxolotl.org/auxolotl/docs" title="Go to repository" class="md-source" data-md-component="source">
<div class="md-source__icon md-icon">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M16.777 0a2.9 2.9 0 1 1-2.529 4.322H12.91a4.266 4.266 0 0 0-4.265 4.195v2.118a7.076 7.076 0 0 1 4.147-1.42l.118-.002h1.338a2.9 2.9 0 0 1 5.43 1.422 2.9 2.9 0 0 1-5.43 1.422H12.91a4.266 4.266 0 0 0-4.265 4.195v2.319A2.9 2.9 0 0 1 7.222 24 2.9 2.9 0 0 1 5.8 18.57V8.589a7.109 7.109 0 0 1 6.991-7.108l.118-.001h1.338A2.9 2.9 0 0 1 16.778 0ZM7.223 19.905a1.194 1.194 0 1 0 0 2.389 1.194 1.194 0 0 0 0-2.389Zm9.554-10.464a1.194 1.194 0 1 0 0 2.389 1.194 1.194 0 0 0 0-2.39Zm0-7.735a1.194 1.194 0 1 0 0 2.389 1.194 1.194 0 0 0 0-2.389Z"/></svg>
</div>
<div class="md-source__repository">
auxolotl/docs
</div>
</a>
</div>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../.." class="md-nav__link">
<span class="md-ellipsis">
Aux Documentation Hub
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../TODO/" class="md-nav__link">
<span class="md-ellipsis">
TODO
</span>
</a>
</li>
<li class="md-nav__item md-nav__item--pruned md-nav__item--nested">
<a href="../../../Aux/" class="md-nav__link">
<span class="md-ellipsis">
Aux
</span>
<span class="md-nav__icon md-icon"></span>
</a>
</li>
<li class="md-nav__item md-nav__item--pruned md-nav__item--nested">
<a href="../../../Lix/" class="md-nav__link">
<span class="md-ellipsis">
Lix
</span>
<span class="md-nav__icon md-icon"></span>
</a>
</li>
<li class="md-nav__item md-nav__item--active md-nav__item--section md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_5" checked>
<label class="md-nav__link" for="__nav_5" id="__nav_5_label" tabindex="">
<span class="md-ellipsis">
NixOS
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_5_label" aria-expanded="true">
<label class="md-nav__title" for="__nav_5">
<span class="md-nav__icon md-icon"></span>
NixOS
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../appstream/" class="md-nav__link">
<span class="md-ellipsis">
Appstream
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../console/" class="md-nav__link">
<span class="md-ellipsis">
Console
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../containers/" class="md-nav__link">
<span class="md-ellipsis">
Containers
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../documentation/" class="md-nav__link">
<span class="md-ellipsis">
Documentation
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../dysnomia/" class="md-nav__link">
<span class="md-ellipsis">
Dysnomia
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../ec2/" class="md-nav__link">
<span class="md-ellipsis">
Ec2
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../environment/" class="md-nav__link">
<span class="md-ellipsis">
Environment
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../fileSystems/" class="md-nav__link">
<span class="md-ellipsis">
fileSystems
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../fonts/" class="md-nav__link">
<span class="md-ellipsis">
Fonts
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../gtk/" class="md-nav__link">
<span class="md-ellipsis">
Gtk
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../hardware/" class="md-nav__link">
<span class="md-ellipsis">
Hardware
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../i18n/" class="md-nav__link">
<span class="md-ellipsis">
I18n
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../image/" class="md-nav__link">
<span class="md-ellipsis">
Image
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../lib/" class="md-nav__link">
<span class="md-ellipsis">
Lib
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../location/" class="md-nav__link">
<span class="md-ellipsis">
Location
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../nix/" class="md-nav__link">
<span class="md-ellipsis">
Nix
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../nixops/" class="md-nav__link">
<span class="md-ellipsis">
Nixops
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../nixpkgs/" class="md-nav__link">
<span class="md-ellipsis">
Nixpkgs
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../oci/" class="md-nav__link">
<span class="md-ellipsis">
Oci
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../openstack/" class="md-nav__link">
<span class="md-ellipsis">
Openstack
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../power/" class="md-nav__link">
<span class="md-ellipsis">
Power
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../powerManagement/" class="md-nav__link">
<span class="md-ellipsis">
powerManagement
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../qt/" class="md-nav__link">
<span class="md-ellipsis">
Qt
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../specialisation/" class="md-nav__link">
<span class="md-ellipsis">
Specialisation
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../swapDevices/" class="md-nav__link">
<span class="md-ellipsis">
swapDevices
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../system/" class="md-nav__link">
<span class="md-ellipsis">
System
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../time/" class="md-nav__link">
<span class="md-ellipsis">
Time
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../xdg/" class="md-nav__link">
<span class="md-ellipsis">
Xdg
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../zramSwap/" class="md-nav__link">
<span class="md-ellipsis">
zramSwap
</span>
</a>
</li>
<li class="md-nav__item md-nav__item--pruned md-nav__item--nested">
<a href="../../boot/" class="md-nav__link">
<span class="md-ellipsis">
Boot
</span>
<span class="md-nav__icon md-icon"></span>
</a>
</li>
<li class="md-nav__item md-nav__item--pruned md-nav__item--nested">
<a href="../../networking/" class="md-nav__link">
<span class="md-ellipsis">
Networking
</span>
<span class="md-nav__icon md-icon"></span>
</a>
</li>
<li class="md-nav__item md-nav__item--pruned md-nav__item--nested">
<a href="../../programs/_1password-gui/" class="md-nav__link">
<span class="md-ellipsis">
Programs
</span>
<span class="md-nav__icon md-icon"></span>
</a>
</li>
<li class="md-nav__item md-nav__item--active md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_5_33" checked>
<div class="md-nav__link md-nav__container">
<a href="../" class="md-nav__link ">
<span class="md-ellipsis">
Security
</span>
</a>
<label class="md-nav__link " for="__nav_5_33" id="__nav_5_33_label" tabindex="0">
<span class="md-nav__icon md-icon"></span>
</label>
</div>
<nav class="md-nav" data-md-level="2" aria-labelledby="__nav_5_33_label" aria-expanded="true">
<label class="md-nav__title" for="__nav_5_33">
<span class="md-nav__icon md-icon"></span>
Security
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../acme/" class="md-nav__link">
<span class="md-ellipsis">
Acme
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../apparmor/" class="md-nav__link">
<span class="md-ellipsis">
Apparmor
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../audit/" class="md-nav__link">
<span class="md-ellipsis">
Audit
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../auditd/" class="md-nav__link">
<span class="md-ellipsis">
Auditd
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../chromiumSuidSandbox/" class="md-nav__link">
<span class="md-ellipsis">
chromiumSuidSandbox
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../dhparams/" class="md-nav__link">
<span class="md-ellipsis">
Dhparams
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../doas/" class="md-nav__link">
<span class="md-ellipsis">
Doas
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../duosec/" class="md-nav__link">
<span class="md-ellipsis">
Duosec
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../googleOsLogin/" class="md-nav__link">
<span class="md-ellipsis">
googleOsLogin
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../ipa/" class="md-nav__link">
<span class="md-ellipsis">
Ipa
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../isolate/" class="md-nav__link">
<span class="md-ellipsis">
Isolate
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../krb5/" class="md-nav__link">
<span class="md-ellipsis">
Krb5
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../loginDefs/" class="md-nav__link">
<span class="md-ellipsis">
loginDefs
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../pam/" class="md-nav__link">
<span class="md-ellipsis">
Pam
</span>
</a>
</li>
<li class="md-nav__item md-nav__item--active">
<input class="md-nav__toggle md-toggle" type="checkbox" id="__toc">
<label class="md-nav__link md-nav__link--active" for="__toc">
<span class="md-ellipsis">
Pki
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<a href="./" class="md-nav__link md-nav__link--active">
<span class="md-ellipsis">
Pki
</span>
</a>
<nav class="md-nav md-nav--secondary" aria-label="Table of contents">
<label class="md-nav__title" for="__toc">
<span class="md-nav__icon md-icon"></span>
Table of contents
</label>
<ul class="md-nav__list" data-md-component="toc" data-md-scrollfix>
<li class="md-nav__item">
<a href="#securitypkicacertificateblacklist" class="md-nav__link">
<span class="md-ellipsis">
security.pki.caCertificateBlacklist
</span>
</a>
<nav class="md-nav" aria-label="security.pki.caCertificateBlacklist">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#default" class="md-nav__link">
<span class="md-ellipsis">
Default
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#example" class="md-nav__link">
<span class="md-ellipsis">
Example
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#securitypkicertificatefiles" class="md-nav__link">
<span class="md-ellipsis">
security.pki.certificateFiles
</span>
</a>
<nav class="md-nav" aria-label="security.pki.certificateFiles">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#default_1" class="md-nav__link">
<span class="md-ellipsis">
Default
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#example_1" class="md-nav__link">
<span class="md-ellipsis">
Example
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#securitypkicertificates" class="md-nav__link">
<span class="md-ellipsis">
security.pki.certificates
</span>
</a>
<nav class="md-nav" aria-label="security.pki.certificates">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#default_2" class="md-nav__link">
<span class="md-ellipsis">
Default
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#example_2" class="md-nav__link">
<span class="md-ellipsis">
Example
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#securitypkiusecompatiblebundle" class="md-nav__link">
<span class="md-ellipsis">
security.pki.useCompatibleBundle
</span>
</a>
<nav class="md-nav" aria-label="security.pki.useCompatibleBundle">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#default_3" class="md-nav__link">
<span class="md-ellipsis">
Default
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#example_3" class="md-nav__link">
<span class="md-ellipsis">
Example
</span>
</a>
</li>
</ul>
</nav>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="../please/" class="md-nav__link">
<span class="md-ellipsis">
Please
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../polkit/" class="md-nav__link">
<span class="md-ellipsis">
Polkit
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../rtkit/" class="md-nav__link">
<span class="md-ellipsis">
Rtkit
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../shadow/" class="md-nav__link">
<span class="md-ellipsis">
Shadow
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../sudo-rs/" class="md-nav__link">
<span class="md-ellipsis">
Sudo rs
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../sudo/" class="md-nav__link">
<span class="md-ellipsis">
Sudo
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../tpm2/" class="md-nav__link">
<span class="md-ellipsis">
Tpm2
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../virtualisation/" class="md-nav__link">
<span class="md-ellipsis">
Virtualisation
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../wrappers/" class="md-nav__link">
<span class="md-ellipsis">
Wrappers
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--pruned md-nav__item--nested">
<a href="../../services/" class="md-nav__link">
<span class="md-ellipsis">
Services
</span>
<span class="md-nav__icon md-icon"></span>
</a>
</li>
<li class="md-nav__item md-nav__item--pruned md-nav__item--nested">
<a href="../../systemd/" class="md-nav__link">
<span class="md-ellipsis">
Systemd
</span>
<span class="md-nav__icon md-icon"></span>
</a>
</li>
<li class="md-nav__item md-nav__item--pruned md-nav__item--nested">
<a href="../../users/" class="md-nav__link">
<span class="md-ellipsis">
Users
</span>
<span class="md-nav__icon md-icon"></span>
</a>
</li>
<li class="md-nav__item md-nav__item--pruned md-nav__item--nested">
<a href="../../virtualisation/" class="md-nav__link">
<span class="md-ellipsis">
Virtualisation
</span>
<span class="md-nav__icon md-icon"></span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--pruned md-nav__item--nested">
<a href="../../../Nixpkgs/" class="md-nav__link">
<span class="md-ellipsis">
Nixpkgs
</span>
<span class="md-nav__icon md-icon"></span>
</a>
</li>
</ul>
</nav>
</div>
</div>
</div>
<div class="md-sidebar md-sidebar--secondary" data-md-component="sidebar" data-md-type="toc" >
<div class="md-sidebar__scrollwrap">
<div class="md-sidebar__inner">
<nav class="md-nav md-nav--secondary" aria-label="Table of contents">
<label class="md-nav__title" for="__toc">
<span class="md-nav__icon md-icon"></span>
Table of contents
</label>
<ul class="md-nav__list" data-md-component="toc" data-md-scrollfix>
<li class="md-nav__item">
<a href="#securitypkicacertificateblacklist" class="md-nav__link">
<span class="md-ellipsis">
security.pki.caCertificateBlacklist
</span>
</a>
<nav class="md-nav" aria-label="security.pki.caCertificateBlacklist">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#default" class="md-nav__link">
<span class="md-ellipsis">
Default
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#example" class="md-nav__link">
<span class="md-ellipsis">
Example
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#securitypkicertificatefiles" class="md-nav__link">
<span class="md-ellipsis">
security.pki.certificateFiles
</span>
</a>
<nav class="md-nav" aria-label="security.pki.certificateFiles">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#default_1" class="md-nav__link">
<span class="md-ellipsis">
Default
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#example_1" class="md-nav__link">
<span class="md-ellipsis">
Example
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#securitypkicertificates" class="md-nav__link">
<span class="md-ellipsis">
security.pki.certificates
</span>
</a>
<nav class="md-nav" aria-label="security.pki.certificates">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#default_2" class="md-nav__link">
<span class="md-ellipsis">
Default
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#example_2" class="md-nav__link">
<span class="md-ellipsis">
Example
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#securitypkiusecompatiblebundle" class="md-nav__link">
<span class="md-ellipsis">
security.pki.useCompatibleBundle
</span>
</a>
<nav class="md-nav" aria-label="security.pki.useCompatibleBundle">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#default_3" class="md-nav__link">
<span class="md-ellipsis">
Default
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#example_3" class="md-nav__link">
<span class="md-ellipsis">
Example
</span>
</a>
</li>
</ul>
</nav>
</li>
</ul>
</nav>
</div>
</div>
</div>
<div class="md-content" data-md-component="content">
<article class="md-content__inner md-typeset">
<h1>Pki</h1>
<h2 id="securitypkicacertificateblacklist" security-pki-caCertificateBlacklist="security-pki-caCertificateBlacklist"><code>security.pki.caCertificateBlacklist</code></h2>
<p>A list of blacklisted CA certificate names that won't be imported from
the Mozilla Trust Store into
{file}<code>/etc/ssl/certs/ca-certificates.crt</code>. Use the
names from that file.</p>
<p><strong>Type:</strong> <code>list of string</code></p>
<h3 id="default" security-pki-caCertificateBlacklist-default="security-pki-caCertificateBlacklist-default">Default</h3>
<p><code class="highlight"><span class="p">[</span> <span class="p">]</span></code></p>
<h3 id="example" security-pki-caCertificateBlacklist-example="security-pki-caCertificateBlacklist-example">Example</h3>
<p><code class="highlight"><span class="p">[</span><span class="s2">&quot;WoSign&quot;</span><span class="s2">&quot;WoSign China&quot;</span><span class="s2">&quot;CA WoSign ECC Root&quot;</span><span class="s2">&quot;Certification Authority of WoSign G2&quot;</span><span class="p">]</span></code></p>
<p><strong>Declared by:</strong> <a href="https://github.com/nixos/nixpkgs/blob/master/nixos/modules/security/ca.nix">https://github.com/nixos/nixpkgs/blob/master/nixos/modules/security/ca.nix</a></p>
<h2 id="securitypkicertificatefiles" security-pki-certificateFiles="security-pki-certificateFiles"><code>security.pki.certificateFiles</code></h2>
<p>A list of files containing trusted root certificates in PEM
format. These are concatenated to form
{file}<code>/etc/ssl/certs/ca-certificates.crt</code>, which is
used by many programs that use OpenSSL, such as
{command}<code>curl</code> and {command}<code>git</code>.</p>
<p><strong>Type:</strong> <code>list of path</code></p>
<h3 id="default_1" security-pki-certificateFiles-default="security-pki-certificateFiles-default">Default</h3>
<p><code class="highlight"><span class="p">[</span> <span class="p">]</span></code></p>
<h3 id="example_1" security-pki-certificateFiles-example="security-pki-certificateFiles-example">Example</h3>
<p><code class="highlight"><span class="p">[</span> <span class="s2">&quot;</span><span class="si">${</span>pkgs<span class="o">.</span>cacert<span class="si">}</span><span class="s2">/etc/ssl/certs/ca-bundle.crt&quot;</span> <span class="p">]</span></code></p>
<p><strong>Declared by:</strong> <a href="https://github.com/nixos/nixpkgs/blob/master/nixos/modules/security/ca.nix">https://github.com/nixos/nixpkgs/blob/master/nixos/modules/security/ca.nix</a></p>
<h2 id="securitypkicertificates" security-pki-certificates="security-pki-certificates"><code>security.pki.certificates</code></h2>
<p>A list of trusted root certificates in PEM format.</p>
<p><strong>Type:</strong> <code>list of string</code></p>
<h3 id="default_2" security-pki-certificates-default="security-pki-certificates-default">Default</h3>
<p><code class="highlight"><span class="p">[</span> <span class="p">]</span></code></p>
<h3 id="example_2" security-pki-certificates-example="security-pki-certificates-example">Example</h3>
<p><code class="highlight"><span class="p">[</span> <span class="s s-Multiline">&#39;&#39;</span><span class="s s-Multiline"> NixOS.org</span><span class="s s-Multiline"> =========</span><span class="s s-Multiline"> -----BEGIN CERTIFICATE-----</span><span class="s s-Multiline"> MIIGUDCCBTigAwIBAgIDD8KWMA0GCSqGSIb3DQEBBQUAMIGMMQswCQYDVQQGEwJJ</span><span class="s s-Multiline"> TDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMiU2VjdXJlIERpZ2l0</span><span class="s s-Multiline"> ...</span><span class="s s-Multiline"> -----END CERTIFICATE-----</span><span class="s s-Multiline"> &#39;&#39;</span><span class="p">]</span></code></p>
<p><strong>Declared by:</strong> <a href="https://github.com/nixos/nixpkgs/blob/master/nixos/modules/security/ca.nix">https://github.com/nixos/nixpkgs/blob/master/nixos/modules/security/ca.nix</a></p>
<h2 id="securitypkiusecompatiblebundle" security-pki-useCompatibleBundle="security-pki-useCompatibleBundle"><code>security.pki.useCompatibleBundle</code></h2>
<p>Whether to enable usage of a compatibility bundle.</p>
<div class="highlight"><pre><span></span><code> Such a bundle consists exclusively of `BEGIN CERTIFICATE` and no `BEGIN TRUSTED CERTIFICATE`,
which is an OpenSSL specific PEM format.
It is known to be incompatible with certain software stacks.
Nevertheless, enabling this will strip all additional trust rules provided by the
certificates themselves. This can have security consequences depending on your usecases
</code></pre></div>
<p>.
<strong>Type:</strong> <code>boolean</code></p>
<h3 id="default_3" security-pki-useCompatibleBundle-default="security-pki-useCompatibleBundle-default">Default</h3>
<p><code class="highlight"><span class="no">false</span></code></p>
<h3 id="example_3" security-pki-useCompatibleBundle-example="security-pki-useCompatibleBundle-example">Example</h3>
<p><code class="highlight"><span class="no">true</span></code></p>
<p><strong>Declared by:</strong> <a href="https://github.com/nixos/nixpkgs/blob/master/nixos/modules/security/ca.nix">https://github.com/nixos/nixpkgs/blob/master/nixos/modules/security/ca.nix</a></p>
</article>
</div>
<script>var target=document.getElementById(location.hash.slice(1));target&&target.name&&(target.checked=target.name.startsWith("__tabbed_"))</script>
</div>
</main>
<footer class="md-footer">
<div class="md-footer-meta md-typeset">
<div class="md-footer-meta__inner md-grid">
<div class="md-copyright">
<div class="md-copyright__highlight">
Licenced MIT
</div>
Made with
<a href="https://squidfunk.github.io/mkdocs-material/" target="_blank" rel="noopener">
Material for MkDocs
</a>
</div>
<div class="md-social">
<a href="https://git.auxolotl.org/auxolotl/docs" target="_blank" rel="noopener" title="Aux Docs Repo" class="md-social__link">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M16.777 0a2.9 2.9 0 1 1-2.529 4.322H12.91a4.266 4.266 0 0 0-4.265 4.195v2.118a7.076 7.076 0 0 1 4.147-1.42l.118-.002h1.338a2.9 2.9 0 0 1 5.43 1.422 2.9 2.9 0 0 1-5.43 1.422H12.91a4.266 4.266 0 0 0-4.265 4.195v2.319A2.9 2.9 0 0 1 7.222 24 2.9 2.9 0 0 1 5.8 18.57V8.589a7.109 7.109 0 0 1 6.991-7.108l.118-.001h1.338A2.9 2.9 0 0 1 16.778 0ZM7.223 19.905a1.194 1.194 0 1 0 0 2.389 1.194 1.194 0 0 0 0-2.389Zm9.554-10.464a1.194 1.194 0 1 0 0 2.389 1.194 1.194 0 0 0 0-2.39Zm0-7.735a1.194 1.194 0 1 0 0 2.389 1.194 1.194 0 0 0 0-2.389Z"/></svg>
</a>
<a href="https://forum.aux.computer/" target="_blank" rel="noopener" title="Aux Forum" class="md-social__link">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M12.103 0C18.666 0 24 5.485 24 11.997c0 6.51-5.33 11.99-11.9 11.99L0 24V11.79C0 5.28 5.532 0 12.103 0zm.116 4.563a7.395 7.395 0 0 0-6.337 3.57 7.247 7.247 0 0 0-.148 7.22L4.4 19.61l4.794-1.074a7.424 7.424 0 0 0 8.136-1.39 7.256 7.256 0 0 0 1.737-7.997 7.375 7.375 0 0 0-6.84-4.585h-.008z"/></svg>
</a>
<a href="https://wiki.auxolotl.org/" target="_blank" rel="noopener" title="Aux Wiki" class="md-social__link">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M17.801 13.557c.148.098.288.202.417.313 1.854 1.6 3.127 4.656 2.582 7.311-1.091-.255-5.747-1.055-7.638-3.383-.91-1.12-1.366-2.081-1.569-2.885a5.65 5.65 0 0 0 .034-.219c.089.198.197.35.313.466.24.24.521.335.766.372.304.046.594-.006.806-.068l.001.001c.05-.015.433-.116.86-.342.325-.173 2.008-.931 3.428-1.566Zm-7.384 1.435C9.156 16.597 6.6 18.939.614 18.417c.219-1.492 1.31-3.019 2.51-4.11.379-.345.906-.692 1.506-1.009.286.168.598.332.939.486 2.689 1.221 3.903 1.001 4.89.573a1.3 1.3 0 0 0 .054-.025 6.156 6.156 0 0 0-.096.66Zm4.152-.462c.38-.341.877-.916 1.383-1.559-.389-.15-.866-.371-1.319-.591-.598-.29-1.305-.283-2.073-.315a4.685 4.685 0 0 1-.804-.103c.014-.123.027-.246.038-.369.062.104.673.057.871.057.354 0 1.621.034 3.074-.574 1.452-.608 2.55-1.706 3.022-3.225.474-1.52.22-3.091-.168-3.952-.169.709-1.453 2.381-1.926 2.871-.473.489-2.381 2.296-2.972 2.921-.7.74-.688.793-1.332 1.302-.202.19-.499.402-.563.53.027-.338.039-.675.027-.997a7.653 7.653 0 0 0-.032-.523c.322-.059.567-.522.567-.861 0-.224-.106-.247-.271-.229.075-.894.382-3.923 1.254-4.281.218.109.831.068.649-.295-.182-.364-.825-.074-1.081.266-.28.374-.956 2.046-.92 4.324-.113.014-.174.033-.322.033-.171 0-.321-.04-.433-.05.034-2.275-.714-3.772-.84-4.169-.12-.375-.491-.596-.781-.596-.146 0-.272.056-.333.179-.182.363.459.417.677.308.706.321 1.156 3.519 1.254 4.277-.125-.006-.199.035-.199.233 0 .311.17.756.452.843a.442.442 0 0 0-.007.03s-.287.99-.413 2.189a4.665 4.665 0 0 1-.718-.225c-.714-.286-1.355-.583-2.019-.566-.664.018-1.366.023-1.804-.036-.438-.058-.649-.15-.649-.15s-.234.365.257 1.075c.42.607 1.055 1.047 1.644 1.18.589.134 1.972.18 2.785-.377.16-.109.317-.228.459-.34a8.717 8.717 0 0 0-.013.626c-.289.753-.571 1.993-.268 3.338 0-.001.701-.842.787-2.958.006-.144.009-.271.01-.383.052-.248.103-.518.148-.799.072.135.151.277.234.413.511.842 1.791 1.37 2.383 1.49.091.019.187.032.285.038Zm-1.12.745c-.188.055-.445.1-.713.059-.21-.031-.45-.11-.655-.316-.169-.168-.312-.419-.401-.789a9.837 9.837 0 0 0 .039-.82l.049-.243c.563.855 1.865 1.398 2.476 1.522.036.008.072.014.109.02l-.013.009c-.579.415-.76.503-.891.558Zm6.333-2.818c-.257.114-4.111 1.822-5.246 2.363.98-.775 3.017-3.59 3.699-4.774 1.062.661 1.468 1.109 1.623 1.441.101.217.09.38.096.515a.57.57 0 0 1-.172.455Zm-9.213 1.62a1.606 1.606 0 0 1-.19.096c-.954.414-2.126.61-4.728-.571-2.023-.918-3.024-2.157-3.371-2.666.476.161 1.471.473 2.157.524.282.021.703.068 1.167.125.021.209.109.486.345.829l.001.001c.451.651 1.134 1.119 1.765 1.262.622.141 2.083.182 2.942-.407a3.12 3.12 0 0 0 .132-.093l.001.179a6.052 6.052 0 0 0-.221.721Zm5.512-1.271a17.49 17.49 0 0 1-1.326-.589c.437.042 1.054.083 1.692.108-.121.162-.244.323-.366.481Zm.932-1.26c-.12.17-.245.343-.373.517-.241.018-.478.03-.709.038a29.05 29.05 0 0 1-.741-.048c.608-.065 1.228-.252 1.823-.507Zm.22-.315c-.809.382-1.679.648-2.507.648-.472 0-.833.018-1.139.039v.001c-.324-.031-.665-.039-1.019-.054a3.555 3.555 0 0 1-.152-.009c.102-.002.192-.006.249-.006.363 0 1.662.034 3.151-.589 1.508-.632 2.645-1.773 3.136-3.351.37-1.186.31-2.402.086-3.312.458-.336.86-.651 1.147-.91.501-.451.743-.733.848-.869.199.206.714.864.685 2.138-.036 1.611-.606 3.187-1.501 4.154a9.099 9.099 0 0 1-1.321 1.132 11.978 11.978 0 0 0-.644-.422l-.089-.055-.051.091c-.184.332-.5.825-.879 1.374ZM4.763 5.817c-.157 1.144.113 2.323.652 3.099.539.776 2.088 2.29 3.614 2.505.991.14 2.055.134 2.055.134s-.593-.576-1.114-1.66c-.521-1.085-.948-2.104-1.734-2.786-.785-.681-1.601-1.416-2.045-1.945-.444-.53-.59-.86-.59-.86s-.656.175-.838 1.513Zm14.301 4.549a9.162 9.162 0 0 0 1.3-1.12c.326-.352.611-.782.845-1.265 1.315.145 2.399.371 2.791.434 0 0-.679 1.971-3.945 3.022l-.016-.035c-.121-.26-.385-.594-.975-1.036Zm-11.634.859a8.537 8.537 0 0 1-.598-.224c-1.657-.693-2.91-1.944-3.449-3.678-.498-1.601-.292-3.251.091-4.269.225.544.758 1.34 1.262 2.01a3.58 3.58 0 0 0-.172.726c-.163 1.197.123 2.428.687 3.24.416.599 1.417 1.62 2.555 2.193-.128.002-.253.003-.376.002Zm-1.758-.077c-.958-.341-1.901-.787-2.697-1.368C-.07 7.559 0 6.827 0 6.827s1.558-.005 3.088.179c.03.126.065.
</a>
</div>
</div>
</div>
</footer>
</div>
<div class="md-dialog" data-md-component="dialog">
<div class="md-dialog__inner md-typeset"></div>
</div>
<script id="__config" type="application/json">{"base": "../../..", "features": ["content.tooltips", "search.highlight", "navigation.tabs", "navigation.indexes", "navigation.prune"], "search": "../../../assets/javascripts/workers/search.b8dbb3d2.min.js", "translations": {"clipboard.copied": "Copied to clipboard", "clipboard.copy": "Copy to clipboard", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.placeholder": "Type to start searching", "search.result.term.missing": "Missing", "select.version": "Select version"}}</script>
<script src="../../../assets/javascripts/bundle.fe8b6f2b.min.js"></script>
</body>
</html>