mirror of
https://github.com/openjdk/jdk.git
synced 2025-08-28 15:24:43 +02:00
8240777: Update all nroff manpages for JDK 15 release
Reviewed-by: dholmes
This commit is contained in:
Pavel Rappo
parent
8a9d2b08a0
commit
922ba8da30
29 changed files with 486 additions and 436 deletions
|
|
@ -1,5 +1,5 @@
|
|||
.\"t
|
||||
.\" Copyright (c) 1994, 2019, Oracle and/or its affiliates. All rights reserved.
|
||||
.\" Copyright (c) 1998, 2020, Oracle and/or its affiliates. All rights reserved.
|
||||
.\" DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
.\"
|
||||
.\" This code is free software; you can redistribute it and/or modify it
|
||||
|
|
@ -22,7 +22,7 @@
|
|||
.\"
|
||||
.\" Automatically generated by Pandoc 2.3.1
|
||||
.\"
|
||||
.TH "KEYTOOL" "1" "2020" "JDK 14" "JDK Commands"
|
||||
.TH "KEYTOOL" "1" "2020" "JDK 15" "JDK Commands"
|
||||
.hy
|
||||
.SH NAME
|
||||
.PP
|
||||
|
|
@ -101,6 +101,16 @@ It can also display other security\-related information.
|
|||
.PP
|
||||
The \f[CB]keytool\f[R] command stores the keys and certificates in a
|
||||
keystore.
|
||||
.PP
|
||||
The \f[CB]keytool\f[R] command uses the
|
||||
\f[CB]jdk.certpath.disabledAlgorithms\f[R] and
|
||||
\f[CB]jdk.security.legacyAlgorithms\f[R] security properties to determine
|
||||
which algorithms are considered a security risk.
|
||||
It emits warnings when disabled or legacy algorithms are being used.
|
||||
The \f[CB]jdk.certpath.disabledAlgorithms\f[R] and
|
||||
\f[CB]jdk.security.legacyAlgorithms\f[R] security properties are defined
|
||||
in the \f[CB]java.security\f[R] file (located in the JDK\[aq]s
|
||||
\f[CB]$JAVA_HOME/conf/security\f[R] directory).
|
||||
.SH COMMAND AND OPTION NOTES
|
||||
.PP
|
||||
The following notes apply to the descriptions in \f[B]Commands and
|
||||
|
|
@ -260,12 +270,10 @@ For example,
|
|||
.PP
|
||||
\f[B]Note:\f[R]
|
||||
.PP
|
||||
For compatibility reasons, the SunPKCS11 and OracleUcrypto providers can
|
||||
still be loaded with
|
||||
\f[CB]\-providerclass\ sun.security.pkcs11.SunPKCS11\f[R] and
|
||||
\f[CB]\-providerclass\ com.oracle.security.crypto.UcryptoProvider\f[R]
|
||||
even if they are now defined in modules.
|
||||
These are the only modules included in JDK that need a configuration,
|
||||
For compatibility reasons, the SunPKCS11 provider can still be loaded
|
||||
with \f[CB]\-providerclass\ sun.security.pkcs11.SunPKCS11\f[R] even if it
|
||||
is now defined in a module.
|
||||
This is the only module included in the JDK that needs a configuration,
|
||||
and therefore the most widely used with the \f[CB]\-providerclass\f[R]
|
||||
option.
|
||||
For legacy security providers located on classpath and loaded by
|
||||
|
|
@ -2199,8 +2207,7 @@ file.
|
|||
The security properties file is called \f[CB]java.security\f[R], and
|
||||
resides in the security properties directory:
|
||||
.IP \[bu] 2
|
||||
\f[B]Oracle Solaris, Linux, and OS X:\f[R]
|
||||
\f[CB]java.home/lib/security\f[R]
|
||||
\f[B]Linux and OS X:\f[R] \f[CB]java.home/lib/security\f[R]
|
||||
.IP \[bu] 2
|
||||
\f[B]Windows:\f[R] \f[CB]java.home\\lib\\security\f[R]
|
||||
.PP
|
||||
|
|
@ -2477,15 +2484,10 @@ A certificates file named \f[CB]cacerts\f[R] resides in the security
|
|||
properties directory:
|
||||
.RS
|
||||
.IP \[bu] 2
|
||||
\f[B]Oracle Solaris, Linux, and OS X:\f[R]
|
||||
\f[I]JAVA_HOME\f[R]\f[CB]/lib/security\f[R]
|
||||
\f[B]Linux and OS X:\f[R] \f[I]JAVA_HOME\f[R]\f[CB]/lib/security\f[R]
|
||||
.IP \[bu] 2
|
||||
\f[B]Windows:\f[R] \f[I]JAVA_HOME\f[R]\f[CB]\\lib\\security\f[R]
|
||||
.PP
|
||||
\f[I]JAVA_HOME\f[R] is the runtime environment directory, which is the
|
||||
\f[CB]jre\f[R] directory in the JDK or the top\-level directory of the
|
||||
Java Runtime Environment (JRE).
|
||||
.PP
|
||||
The \f[CB]cacerts\f[R] file represents a system\-wide keystore with CA
|
||||
certificates.
|
||||
System administrators can configure and manage that file with the
|
||||
|
|
@ -2493,8 +2495,8 @@ System administrators can configure and manage that file with the
|
|||
type.
|
||||
The \f[CB]cacerts\f[R] keystore file ships with a default set of root CA
|
||||
certificates.
|
||||
For Oracle Solaris, Linux, OS X, and Windows, you can list the default
|
||||
certificates with the following command:
|
||||
For Linux, OS X, and Windows, you can list the default certificates with
|
||||
the following command:
|
||||
.RS
|
||||
.PP
|
||||
\f[CB]keytool\ \-list\ \-cacerts\f[R]
|
||||
|
|
@ -2518,10 +2520,10 @@ bundled in the \f[CB]cacerts\f[R] file and make your own trust decisions.
|
|||
.PP
|
||||
To remove an untrusted CA certificate from the \f[CB]cacerts\f[R] file,
|
||||
use the \f[CB]\-delete\f[R] option of the \f[CB]keytool\f[R] command.
|
||||
You can find the \f[CB]cacerts\f[R] file in the JRE installation
|
||||
directory.
|
||||
You can find the \f[CB]cacerts\f[R] file in the JDK\[aq]s
|
||||
\f[CB]$JAVA_HOME/lib/security\f[R] directory.
|
||||
Contact your system administrator if you don\[aq]t have permission to
|
||||
edit this file
|
||||
edit this file.
|
||||
.RE
|
||||
.TP
|
||||
.B Internet RFC 1421 Certificate Encoding Standard
|
||||
|
|
@ -2672,7 +2674,7 @@ fingerprints, as follows:
|
|||
\f[R]
|
||||
.fi
|
||||
.PP
|
||||
\f[B]Oracle Solaris Example:\f[R]
|
||||
\f[B]Linux Example:\f[R]
|
||||
.PP
|
||||
View the certificate first with the \f[CB]\-printcert\f[R] command or the
|
||||
\f[CB]\-importcert\f[R] command without the \f[CB]\-noprompt\f[R] option.
|
||||
|
|
@ -2743,7 +2745,7 @@ it can generate certificates that don\[aq]t conform to the standard,
|
|||
such as self\-signed certificates that would be used for internal
|
||||
testing purposes.
|
||||
Certificates that don\[aq]t conform to the standard might be rejected by
|
||||
JRE or other applications.
|
||||
the JDK or other applications.
|
||||
Users should ensure that they provide the correct options for
|
||||
\f[CB]\-dname\f[R], \f[CB]\-ext\f[R], and so on.
|
||||
.SH IMPORT A NEW TRUSTED CERTIFICATE
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue