trust 命令

常用示例

说明

trust manages the shared system trust policy store, which contains trusted CA certificates, blocklisted certificates, and trust policies. It allows administrators to add, remove, and extract trust anchors used for TLS/SSL verification across the system. Changes made with trust affect all applications that use the p11-kit trust module, providing a unified way to manage certificates rather than configuring each application individually.

参数

list

List trust policy store items

anchor _file_

Add a trust anchor to the store

anchor --remove _file_

Remove a trust anchor

extract --format=_format_ _path_

Extract trust anchors in specified format.

extract-compat

Extract trust policy in a format compatible with the system's native tools.

--filter=_type_

Filter by type (ca-anchors, blocklist, certificates, trust-policy).

--format=_format_

Output format (x509-file, x509-directory, pem-file, pem-bundle, java-cacerts, openssl-bundle, openssl-directory, etc.).

--purpose=_purpose_

Filter by purpose (server-auth, client-auth, email, code-signing).