Subversion Repositories svn LFS-FR

Rev

Rev 7197 | Rev 7203 | Go to most recent revision | Details | Compare with Previous | Last modification | View Log | RSS feed

Rev Author Line No. Line
7156 jlepiller 1
# SOME DESCRIPTIVE TITLE
2
# Copyright (C) YEAR Free Software Foundation, Inc.
3
# This file is distributed under the same license as the PACKAGE package.
4
# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
5
#
6
msgid ""
7
msgstr ""
8
"Project-Id-Version: PACKAGE VERSION\n"
7202 jlepiller 9
"POT-Creation-Date: 2016-11-25 04:06+0100\n"
10
"PO-Revision-Date: 2016-11-25 09:31+0000\n"
7156 jlepiller 11
"Last-Translator: roptat <roptat@lepiller.eu>\n"
12
"Language-Team: LANGUAGE <LL@li.org>\n"
13
"MIME-Version: 1.0\n"
14
"Content-Type: text/plain; charset=UTF-8\n"
15
"Content-Transfer-Encoding: 8bit\n"
7197 jlepiller 16
"Language: fr\n"
7156 jlepiller 17
"Plural-Forms: nplurals=2; plural=(n > 1);\n"
18
"X-Generator: Pootle 2.7\n"
7202 jlepiller 19
"X-POOTLE-MTIME: 1480066263.352937\n"
7156 jlepiller 20
 
7202 jlepiller 21
#. type: Content of the certhost entity
7156 jlepiller 22
#: blfs-en/postlfs/security/cacerts.xml:7
7202 jlepiller 23
msgid "https://hg.mozilla.org/"
24
msgstr "https://hg.mozilla.org/"
7156 jlepiller 25
 
7202 jlepiller 26
#. type: Content of the certpath entity
7156 jlepiller 27
#: blfs-en/postlfs/security/cacerts.xml:8
7202 jlepiller 28
msgid "/lib/ckfw/builtins/certdata.txt"
29
msgstr "/lib/ckfw/builtins/certdata.txt"
7156 jlepiller 30
 
7202 jlepiller 31
#. type: Content of the ca-bundle-download entity
7156 jlepiller 32
#: blfs-en/postlfs/security/cacerts.xml:9
7202 jlepiller 33
msgid "&sources-anduin-http;/other/certdata.txt"
34
msgstr "&sources-anduin-http;/other/certdata.txt"
7156 jlepiller 35
 
7202 jlepiller 36
#. type: Content of the ca-bundle-size entity
7156 jlepiller 37
#: blfs-en/postlfs/security/cacerts.xml:10
7202 jlepiller 38
msgid "1.6 MB"
39
msgstr "1.6 Mio"
7156 jlepiller 40
 
7202 jlepiller 41
#. type: Content of the cacerts-buildsize entity
7156 jlepiller 42
#: blfs-en/postlfs/security/cacerts.xml:11
7202 jlepiller 43
msgid "4.7 MB (with all runtime deps)"
44
msgstr "4.7 Mo (avec toutes les dépendances à l'exécution)"
7156 jlepiller 45
 
7202 jlepiller 46
#. type: Content of the cacerts-time entity
47
#: blfs-en/postlfs/security/cacerts.xml:12
48
msgid "0.2 SBU (with all runtime deps)"
49
msgstr "0.2 SBU (avec toutes les dépendances à l'exécution)"
50
 
51
#. type: Content of the make-ca-download entity
52
#: blfs-en/postlfs/security/cacerts.xml:14
53
msgid "&sources-anduin-http;/other/make-ca.sh"
54
msgstr "&sources-anduin-http;/other/make-ca.sh"
55
 
56
#. type: Content of the make-ca-size entity
57
#: blfs-en/postlfs/security/cacerts.xml:15
58
msgid "11 KB"
59
msgstr "11 Ko"
60
 
61
#. type: Content of the make-ca-md5sum entity
62
#: blfs-en/postlfs/security/cacerts.xml:16
63
msgid "9e416981cd153d8923e06dc8e39ac534"
64
msgstr "9e416981cd153d8923e06dc8e39ac534"
65
 
7156 jlepiller 66
#. type: Content of: <sect1><sect1info>
7202 jlepiller 67
#: blfs-en/postlfs/security/cacerts.xml:23
7193 jlepiller 68
#| msgid ""
7202 jlepiller 69
#| "<othername>$LastChangedBy: dj $</othername> <date>$Date: 2016-11-22 06:41:16"
70
#| " +0100 (Tue, 22 Nov 2016) $</date>"
7156 jlepiller 71
msgid ""
7202 jlepiller 72
"<othername>$LastChangedBy: dj $</othername> <date>$Date: 2016-11-24 17:05:14"
73
" +0100 (Thu, 24 Nov 2016) $</date>"
7156 jlepiller 74
msgstr ""
7202 jlepiller 75
"<othername>$LastChangedBy: dj $</othername> <date>$Date: 2016-11-24 17:05:14"
76
" +0100 (Thu, 24 Nov 2016) $</date>"
7156 jlepiller 77
 
78
#. type: Content of: <sect1><indexterm><primary>
7202 jlepiller 79
#: blfs-en/postlfs/security/cacerts.xml:27
80
#: blfs-en/postlfs/security/cacerts.xml:50
7156 jlepiller 81
msgid "Certificate Authority Certificates"
7159 jlepiller 82
msgstr "Certificats d'autorité de certification"
7156 jlepiller 83
 
84
#. type: Content of: <sect1><para>
7202 jlepiller 85
#: blfs-en/postlfs/security/cacerts.xml:29
86
#| msgid ""
87
#| "Public Key Infrastructure (PKI) is a method to validate the authenticity of "
88
#| "an othewise unknown entity across untrusted networks. PKI works by "
89
#| "establishing a chain of trust, rather than trusting each individual host or "
90
#| "entity explicitly. In order for a certificate presented by a remote entity "
91
#| "to be trusted, that certificate must pesent a complete chain of certificates"
92
#| " that can be validated using the root certificate of a Certificate Authority"
93
#| " (CA) that is trusted by the local machine."
7156 jlepiller 94
msgid ""
7202 jlepiller 95
"Public Key Infrastructure (PKI) is a method to validate the authenticity of "
96
"an otherwise unknown entity across untrusted networks. PKI works by "
97
"establishing a chain of trust, rather than trusting each individual host or "
98
"entity explicitly. In order for a certificate presented by a remote entity "
99
"to be trusted, that certificate must present a complete chain of "
100
"certificates that can be validated using the root certificate of a "
101
"Certificate Authority (CA) that is trusted by the local machine."
7156 jlepiller 102
msgstr ""
7202 jlepiller 103
"Une Infrastructure à Clés Publiques (PKI) est une méthode pour valider "
104
"l'authenticité d'une entité autrement inconnue au travers de réseaux qui ne "
105
"sont pas de confiance. La PKI fonctionne en établissant une chaîne de "
106
"confiance, plutôt que de faire confiance individuellement à chaque hôte ou "
107
"entité de manière explicite. Pour qu'un certificat présenté par une entité "
108
"distante soit reconnu, le certificat doit présenter une chaîne complète de "
109
"certificats qui peuvent être validé en utilisant le certificat racine d'une "
110
"autorité de certification (CA) en laquelle la machine locale a confiance."
7156 jlepiller 111
 
7202 jlepiller 112
#. type: Content of: <sect1><para>
113
#: blfs-en/postlfs/security/cacerts.xml:37
114
msgid ""
115
"Establishing trust with a CA involves validating things like company "
116
"address, ownership, contact information, etc., and ensuring that the CA has "
117
"followed best practices, such as undergoing periodic security audits by "
118
"independent investigators and maintaining an always available certificate "
119
"revocation list. This is well outside the scope of BLFS (as it is for most "
120
"Linux distributions). The certificate store provided here is taken from the "
121
"Mozilla Foundation, who have established very strict inclusion policies "
122
"described <ulink url=\"https://www.mozilla.org/en-"
123
"US/about/governance/policies/security-group/certs/\">here</ulink>."
124
msgstr ""
125
"L'établissement de la confiance avec une CA nécessite de valider des choses "
126
"comme l'adresse de la compagnie, la propriété, les informations de contact, "
127
"etc, et de s'assurer que la CA a suivi les bonnes pratiques, comme des "
128
"audits de sécurité périodiques par des enquêteurs indépendants et le "
129
"maintient d'une liste de révocation de certificats toujours à jour. Ceci est"
130
" bien au delà de la portée de BLFS (comme pour la plupart des distributions "
131
"Linux). Le magasin de certificats fournit ici est emprunté à la fondation "
132
"Mozilla, qui ont établit une politique d'inclusion très stricte décrite "
133
"<ulink url=\"https://www.mozilla.org/en-US/about/governance/policies"
134
"/security-group/certs/\">ici</ulink>."
135
 
7156 jlepiller 136
#. type: Content of: <sect1><sect2><title>
7202 jlepiller 137
#: blfs-en/postlfs/security/cacerts.xml:54
7156 jlepiller 138
msgid "Introduction to Certificate Authorities"
139
msgstr "Introduction à Certificate Authorities"
140
 
141
#. type: Content of: <sect1><sect2><bridgehead>
7202 jlepiller 142
#: blfs-en/postlfs/security/cacerts.xml:56
7156 jlepiller 143
msgid "Package Information"
144
msgstr "Informations sur le paquet"
145
 
146
#. type: Content of: <sect1><sect2><itemizedlist><listitem><para>
7202 jlepiller 147
#: blfs-en/postlfs/security/cacerts.xml:59
7193 jlepiller 148
msgid "Download (HTTP): <ulink url=\"&make-ca-download;\"/>"
149
msgstr "Téléchargement (HTTP)&nbsp;: <ulink url=\"&make-ca-download;\"/>"
7156 jlepiller 150
 
151
#. type: Content of: <sect1><sect2><itemizedlist><listitem><para>
7202 jlepiller 152
#: blfs-en/postlfs/security/cacerts.xml:62
7193 jlepiller 153
msgid "Download size: &make-ca-size;"
154
msgstr "Taille du téléchargement&nbsp;: &make-ca-size;"
7156 jlepiller 155
 
156
#. type: Content of: <sect1><sect2><itemizedlist><listitem><para>
7202 jlepiller 157
#: blfs-en/postlfs/security/cacerts.xml:65
7193 jlepiller 158
msgid "Download MD5 Sum: &make-ca-md5sum;"
7196 jlepiller 159
msgstr "Somme MD5 du téléchargement&nbsp;: &make-ca-md5sum;"
7193 jlepiller 160
 
161
#. type: Content of: <sect1><sect2><itemizedlist><listitem><para>
7202 jlepiller 162
#: blfs-en/postlfs/security/cacerts.xml:68
7156 jlepiller 163
msgid "Estimated disk space required: &cacerts-buildsize;"
164
msgstr "Estimation de l'espace disque requis&nbsp;: &cacerts-buildsize;"
165
 
166
#. type: Content of: <sect1><sect2><itemizedlist><listitem><para>
7202 jlepiller 167
#: blfs-en/postlfs/security/cacerts.xml:71
7156 jlepiller 168
msgid "Estimated build time: &cacerts-time;"
169
msgstr "Estimation du temps de construction&nbsp;: &cacerts-time;"
170
 
171
#. type: Content of: <sect1><sect2><bridgehead>
7202 jlepiller 172
#: blfs-en/postlfs/security/cacerts.xml:76
173
msgid "Additional Downloads"
174
msgstr "Téléchargements supplémentaires"
175
 
176
#. type: Content of: <sect1><sect2><itemizedlist><listitem><para>
177
#: blfs-en/postlfs/security/cacerts.xml:80
178
msgid "CA Certificates <ulink url=\"&ca-bundle-download;\"/>"
179
msgstr "Certificats de CA <ulink url=\"&ca-bundle-download;\"/>"
180
 
181
#. type: Content of: <sect1><sect2><bridgehead>
182
#: blfs-en/postlfs/security/cacerts.xml:86
7156 jlepiller 183
msgid "Certificate Authority Certificates Dependencies"
184
msgstr "Dépendances de Certificate Authority Certificates"
185
 
186
#. type: Content of: <sect1><sect2><bridgehead>
7202 jlepiller 187
#: blfs-en/postlfs/security/cacerts.xml:88
7156 jlepiller 188
msgid "Required"
189
msgstr "Requises"
190
 
191
#. type: Content of: <sect1><sect2><para>
7202 jlepiller 192
#: blfs-en/postlfs/security/cacerts.xml:89
193
msgid "<xref linkend=\"openssl\"/>"
194
msgstr "<xref linkend=\"openssl\"/>"
7156 jlepiller 195
 
7202 jlepiller 196
#. type: Content of: <sect1><sect2><bridgehead>
197
#: blfs-en/postlfs/security/cacerts.xml:91
198
msgid "Optional (runtime)"
199
msgstr "Facultatives (exécution)"
200
 
7156 jlepiller 201
#. type: Content of: <sect1><sect2><para>
7202 jlepiller 202
#: blfs-en/postlfs/security/cacerts.xml:93
203
msgid ""
204
"<xref linkend=\"java\"/> or <xref linkend=\"openjdk\"/>, and <xref "
205
"linkend=\"nss\"/>"
206
msgstr ""
207
"<xref linkend=\"java\"/> ou <xref linkend=\"openjdk\"/> et <xref "
208
"linkend=\"nss\"/>"
209
 
210
#. type: Content of: <sect1><sect2><para>
211
#: blfs-en/postlfs/security/cacerts.xml:96
7156 jlepiller 212
msgid "User Notes: <ulink url='&blfs-wiki;/cacerts'/>"
213
msgstr "Notes utilisateur&nbsp;: <ulink url='&blfs-wiki;/cacerts'/>"
214
 
215
#. type: Content of: <sect1><sect2><title>
7202 jlepiller 216
#: blfs-en/postlfs/security/cacerts.xml:101
7156 jlepiller 217
msgid "Installation of Certificate Authority Certificates"
218
msgstr "Installation de Certificate Authority Certificates"
219
 
220
#. type: Content of: <sect1><sect2><para>
7202 jlepiller 221
#: blfs-en/postlfs/security/cacerts.xml:103
7156 jlepiller 222
msgid ""
7202 jlepiller 223
"The <application>make-ca.sh</application> script will adapt the certificates"
224
" included in the <filename>certdata.txt</filename> file for use in multiple "
225
"certificate stores (if the associated applications are present on the "
226
"system). Additionally, any local certificates stored in "
227
"<filename>/etc/ssl/local</filename> will be imported to the certificate "
228
"stores. Certificates in this directory should be stored as PEM encoded "
229
"<application>OpenSSL</application> trusted certificates."
7156 jlepiller 230
msgstr ""
7202 jlepiller 231
"Le script <application>make-ca.sh</application> adaptera les certificats "
232
"inclus dans le fichier <filename>certdata.txt</filename> pour l'utiliser "
233
"dans de multiples magasins de certificats (si les applications associées "
234
"sont présentes sur le système). De plus, tout certificat local stocké dans "
235
"<filename>/etc/ssl/local</filename> sera importé dans les magasins de "
236
"certificats. Les certificats de ce répertoire devraient être stockés sous "
237
"forme de certificats de confiance <application>OpenSSL</application> encodé "
238
"en PEM."
7156 jlepiller 239
 
7193 jlepiller 240
#. type: Content of: <sect1><sect2><para>
7202 jlepiller 241
#: blfs-en/postlfs/security/cacerts.xml:111
242
#| msgid ""
243
#| "To create an <application>OpenSSL</application> trusted certificate from a "
244
#| "regular PEM encoded file, provided by a CA not included in Mozilla's "
245
#| "certificate distribution, you need to add trust arguments to the "
246
#| "<command>openssl</command> command, and create a new certificate. There are "
247
#| "three trust types that are recognised by the <application>make-"
248
#| "ca.sh</application> script, SSL/TLS, S/Mime, and code signing. For example, "
249
#| "to allow a certificate to be trusted for both SSL/TLS and S/Mime, but "
250
#| "explicitly rejected for code signing, you could use the following commands "
251
#| "to create a new trusted ceritificate that has those trust attributes:"
7156 jlepiller 252
msgid ""
7202 jlepiller 253
"To create an <application>OpenSSL</application> trusted certificate from a "
254
"regular PEM encoded file, provided by a CA not included in Mozilla's "
255
"certificate distribution, you need to add trust arguments to the "
256
"<command>openssl</command> command, and create a new certificate. There are "
257
"three trust types that are recognised by the <application>make-"
258
"ca.sh</application> script, SSL/TLS, S/Mime, and code signing. For example, "
259
"to allow a certificate to be trusted for both SSL/TLS and S/Mime, but "
260
"explicitly rejected for code signing, you could use the following commands "
261
"to create a new trusted certificate that has those trust attributes:"
7156 jlepiller 262
msgstr ""
7202 jlepiller 263
"Pour créer un certificat de confiance <application>OpenSSL</application> "
264
"depuis un fichier normal encodé en PEM fournit par une CA qui n'est pas "
265
"incluse dans la distribution de certificats de Mozilla, vous devrez ajouter "
266
"des arguments trust à la commande <command>openssl</command> et créer un "
267
"nouveau certificat. Il y a trois types de confiance qui sont reconnues par "
268
"le script <application>make-ca.sh</application>, SSL/TLS, S/Mime et la "
269
"signature de code. Par exemple, pour permettre à un certificat d'être "
270
"reconnu pour SSL/TLS et S/Mime, mais explicitement rejeté pour la signature "
271
"de code, vous pouvez utiliser les commandes suivantes pour créer un nouveau "
272
"certificat de confiance qui ont ces attributs de confiance&nbsp;:"
7156 jlepiller 273
 
7202 jlepiller 274
#. type: Content of: <sect1><sect2><screen>
275
#: blfs-en/postlfs/security/cacerts.xml:122
276
#, no-wrap
277
msgid ""
278
"<literal>openssl x509 -in MyRootCA.pem -text -fingerprint -setalias \"My Root CA 1\"     \\\n"
279
"        -addtrust serverAuth -addtrust emailProtection -addreject codeSigning \\\n"
280
"        > MyRootCA-trusted.pem</literal>"
281
msgstr ""
282
"<literal>openssl x509 -in MyRootCA.pem -text -fingerprint -setalias \"My Root CA 1\"     \\\n"
283
"        -addtrust serverAuth -addtrust emailProtection -addreject codeSigning \\\n"
284
"        > MyRootCA-trusted.pem</literal>"
285
 
7156 jlepiller 286
#. type: Content of: <sect1><sect2><para>
7202 jlepiller 287
#: blfs-en/postlfs/security/cacerts.xml:126
288
#| msgid ""
289
#| "If a trust argument is omitted, the certificate is neither trusted, nor "
290
#| "rejected. Clients that use <application>OpenSSL</application> or "
291
#| "<application>NSS</application> encountering this certificate will present a "
292
#| "warning to the user. Clients using <application>GnuTLS</application> without"
293
#| " <application>p11-kit</application> support are not aware of trusted "
294
#| "certificates. To include this CA into the ca-bundle.crt (used for "
295
#| "<application>GnuTLS</application>), it must, at very least, have the "
296
#| "serverAuth trust."
7156 jlepiller 297
msgid ""
7202 jlepiller 298
"If a trust argument is omitted, the certificate is neither trusted, nor "
299
"rejected. Clients that use <application>OpenSSL</application> or "
300
"<application>NSS</application> encountering this certificate will present a "
301
"warning to the user. Clients using <application>GnuTLS</application> without"
302
" <application>p11-kit</application> support are not aware of trusted "
303
"certificates. To include this CA into the ca-bundle.crt (used for "
304
"<application>GnuTLS</application>), it must have <envar>serverAuth</envar> "
305
"trust."
7156 jlepiller 306
msgstr ""
7202 jlepiller 307
"Si un argument trust en omis, le certificat n'est ni reconnu ni rejeté. Les "
308
"clients qui utilisent <application>OpenSSL</application> ou "
309
"<application>NSS</application> rencontrant ce certificat renverront un "
310
"avertissement à l'utilisateur . Les clients qui utilisent "
311
"<application>GnuTLS</application> sans le support de "
312
"<application>p11-kit</application> ne sont pas conscient des certificats de "
313
"confiance. Pour inclure cette CA dans le fichier ca-bundle.crt (utilisé par "
314
"<application>GnuTLS</application>), il doit, au minimum, avoir la confiance "
315
"<envar>serverAuth</envar>."
7156 jlepiller 316
 
317
#. type: Content of: <sect1><sect2><para>
7202 jlepiller 318
#: blfs-en/postlfs/security/cacerts.xml:135
7156 jlepiller 319
msgid ""
7202 jlepiller 320
"To install the various certificate stores, first install the <application"
321
">make-ca.sh</application> script into the correct location.  As the "
322
"<systemitem class=\"username\">root</systemitem> user:"
7156 jlepiller 323
msgstr ""
7202 jlepiller 324
"Pour installer les divers magasins de certificats, installez le script "
325
"<application>make-ca.sh</application> au bon endroit. En tant qu'utilisateur"
7197 jlepiller 326
" <systemitem class=\"username\">root</systemitem>&nbsp;:"
7156 jlepiller 327
 
328
#. type: Content of: <sect1><sect2><screen>
7202 jlepiller 329
#: blfs-en/postlfs/security/cacerts.xml:139
7156 jlepiller 330
#, no-wrap
7202 jlepiller 331
msgid "<userinput>install -vm755 make-ca.sh /usr/sbin</userinput>"
332
msgstr "<userinput>install -vm755 make-ca.sh /usr/sbin</userinput>"
7156 jlepiller 333
 
334
#. type: Content of: <sect1><sect2><para>
7202 jlepiller 335
#: blfs-en/postlfs/security/cacerts.xml:141
7156 jlepiller 336
msgid ""
7202 jlepiller 337
"As the <systemitem class=\"username\">root</systemitem> user, make sure that"
338
" certdata.txt is in the current directory, and update the certificate stores"
339
" with the following command:"
7156 jlepiller 340
msgstr ""
7196 jlepiller 341
"En tant qu'utilisateur <systemitem class=\"username\">root</systemitem>, "
7202 jlepiller 342
"assurez-vous que certdata.txt est dans le répertoire courant, et mettez à "
343
"jour le magasin de certificats avec la commande suivante&nbsp;:"
7156 jlepiller 344
 
345
#. type: Content of: <sect1><sect2><screen>
7202 jlepiller 346
#: blfs-en/postlfs/security/cacerts.xml:145
7156 jlepiller 347
#, no-wrap
7202 jlepiller 348
msgid "<userinput>/usr/sbin/make-ca.sh</userinput>"
349
msgstr "<userinput>/usr/sbin/make-ca.sh</userinput>"
7156 jlepiller 350
 
351
#. type: Content of: <sect1><sect2><para>
7202 jlepiller 352
#: blfs-en/postlfs/security/cacerts.xml:147
7156 jlepiller 353
msgid ""
7202 jlepiller 354
"You should periodically download a copy of <filename>certdata.txt</filename>"
355
" and run the <application>make-ca.sh</application> script (as the "
356
"<systemitem class=\"username\">root</systemitem> user), or as part of a "
357
"monthly <application>cron</application> job to ensure that you have the "
358
"latest available version of the certificates."
7156 jlepiller 359
msgstr ""
7202 jlepiller 360
"Vous devriez télécharger régulièrement une copie de "
361
"<filename>certdata.txt</filename> et lancer le script <application>make-"
7197 jlepiller 362
"ca.sh</application> (en tant qu'utilisateur <systemitem "
363
"class=\"username\">root</systemitem>), ou en tant que tâche "
7202 jlepiller 364
"<application>cron</application> mensuelle pour vous assurer d'avoir la "
7197 jlepiller 365
"dernière version disponible des certificats."
7156 jlepiller 366
 
7202 jlepiller 367
#. type: Content of: <sect1><sect2><para>
368
#: blfs-en/postlfs/security/cacerts.xml:154
369
msgid ""
370
"The <filename>certdata.txt</filename> file provided by BLFS is obtained from"
371
" the mozilla-release branch, and is modified to provide a simple dated "
372
"revision. This will be the correct version for most systems. There are, "
373
"however, several other variants of the file available for use that might be "
374
"preferred for one reason or another, including all Mozilla products in this "
375
"book. RedHat and OpenSUSE, for instance, use the version included in <xref "
376
"linkend=\"nss\"/>. Additional download locations are available at:"
377
msgstr ""
378
"Le fichier <filename>certdata.txt</filename> fournit par BLFS est obtenu à "
379
"partir de la branche mozilla-release, et est modifié pour fournir une simple"
380
" révision horodatée. Ce sera la bonne version pour la plupart des systèmes. "
381
"Il y a cependant plusieurs variantes du fichier disponibles à l'utilisation "
382
"qui peuvent être préférés pour une raison ou une autre, incluses dans les "
383
"produits Mozilla dans ce livre. RedHat et OpenSUSE par exemple utilisent la "
384
"version incluse dans <xref linkend=\"nss\"/>. Des emplacements de "
385
"téléchargement supplémentaires sont disponibles&nbsp;:"
386
 
387
#. type: Content of: <sect1><sect2><itemizedlist><listitem><para>
388
#: blfs-en/postlfs/security/cacerts.xml:165
389
msgid ""
390
"Mozilla Release (the version provided by BLFS): <ulink "
391
"url=\"&certhost;releases/mozilla-release/raw-"
392
"file/default/security/nss&certpath;\"/>"
393
msgstr ""
394
"Mozilla Release (la version fournie par BLFS)&nbsp;: <ulink "
395
"url=\"&certhost;releases/mozilla-release/raw-"
396
"file/default/security/nss&certpath;\"/>"
397
 
398
#. type: Content of: <sect1><sect2><itemizedlist><listitem><para>
399
#: blfs-en/postlfs/security/cacerts.xml:170
400
msgid ""
401
"NSS (this is the latest available version): <ulink "
402
"url=\"&certhost;projects/nss/raw-file/tip/lib&certpath;\"/>"
403
msgstr ""
404
"NSS (c'est la dernière version disponible)&nbsp;: <ulink "
405
"url=\"&certhost;projects/nss/raw-file/tip/lib&certpath;\"/>"
406
 
407
#. type: Content of: <sect1><sect2><itemizedlist><listitem><para>
408
#: blfs-en/postlfs/security/cacerts.xml:175
409
msgid ""
410
"Mozilla Central: <ulink url=\"&certhost;mozilla-central/raw-"
411
"file/default/security/nss&certpath;\"/>"
412
msgstr ""
413
"Mozilla Central&nbsp;: <ulink url=\"&certhost;mozilla-central/raw-"
414
"file/default/security/nss&certpath;\"/>"
415
 
416
#. type: Content of: <sect1><sect2><itemizedlist><listitem><para>
417
#: blfs-en/postlfs/security/cacerts.xml:180
418
msgid ""
419
"Mozilla Beta: <ulink url=\"&certhost;releases/mozilla-beta/raw-"
420
"file/default/security/nss&certpath;\"/>"
421
msgstr ""
422
"Mozilla Beta&nbsp;: <ulink url=\"&certhost;releases/mozilla-beta/raw-"
423
"file/default/security/nss&certpath;\"/>"
424
 
425
#. type: Content of: <sect1><sect2><itemizedlist><listitem><para>
426
#: blfs-en/postlfs/security/cacerts.xml:185
427
msgid ""
428
"Mozilla Aurora: <ulink url=\"&certhost;releases/mozilla-aurora/raw-"
429
"file/default/security/nss&certpath;\"/>"
430
msgstr ""
431
"Mozilla Aurora&nbsp;: <ulink url=\"&certhost;releases/mozilla-aurora/raw-"
432
"file/default/security/nss&certpath;\"/>"
433
 
7156 jlepiller 434
#. type: Content of: <sect1><sect2><title>
7202 jlepiller 435
#: blfs-en/postlfs/security/cacerts.xml:194
7156 jlepiller 436
msgid "Contents"
437
msgstr "Contenu"
438
 
439
#. type: Content of: <sect1><sect2><segmentedlist><segtitle>
7202 jlepiller 440
#: blfs-en/postlfs/security/cacerts.xml:197
7156 jlepiller 441
msgid "Installed Programs"
442
msgstr "Programmes installés"
443
 
444
#. type: Content of: <sect1><sect2><segmentedlist><segtitle>
7202 jlepiller 445
#: blfs-en/postlfs/security/cacerts.xml:198
7156 jlepiller 446
msgid "Installed Libraries"
447
msgstr "Bibliothèques installées"
448
 
449
#. type: Content of: <sect1><sect2><segmentedlist><segtitle>
7202 jlepiller 450
#: blfs-en/postlfs/security/cacerts.xml:199
7156 jlepiller 451
msgid "Installed Directories"
452
msgstr "Répertoires installés"
453
 
454
#. type: Content of: <sect1><sect2><segmentedlist><seglistitem><seg>
7202 jlepiller 455
#: blfs-en/postlfs/security/cacerts.xml:202
7193 jlepiller 456
msgid "make-ca.sh"
457
msgstr "make-ca.sh"
7156 jlepiller 458
 
459
#. type: Content of: <sect1><sect2><segmentedlist><seglistitem><seg>
7202 jlepiller 460
#: blfs-en/postlfs/security/cacerts.xml:203
7156 jlepiller 461
msgid "None"
462
msgstr "Aucune"
463
 
464
#. type: Content of: <sect1><sect2><segmentedlist><seglistitem><seg>
7202 jlepiller 465
#: blfs-en/postlfs/security/cacerts.xml:204
466
msgid "/etc/ssl/{certs,java,local} and /etc/pki/{nssdb,anchors}"
467
msgstr "/etc/ssl/{certs,java,local} et /etc/pki/{nssdb,anchors}"
7156 jlepiller 468
 
469
#. type: Content of: <sect1><sect2><variablelist><bridgehead>
7202 jlepiller 470
#: blfs-en/postlfs/security/cacerts.xml:209
7156 jlepiller 471
msgid "Short Descriptions"
472
msgstr "Descriptions courtes"
473
 
474
#. type: Content of: <sect1><sect2><variablelist><varlistentry><term>
7202 jlepiller 475
#: blfs-en/postlfs/security/cacerts.xml:214
7156 jlepiller 476
msgid "<command>make-ca.sh</command>"
477
msgstr "<command>make-ca.sh</command>"
478
 
7165 jlepiller 479
#. type: Content of:
480
#. <sect1><sect2><variablelist><varlistentry><listitem><para>
7202 jlepiller 481
#: blfs-en/postlfs/security/cacerts.xml:216
7156 jlepiller 482
msgid ""
7202 jlepiller 483
"is a shell script that adapts a current version of "
7193 jlepiller 484
"<filename>certdata.txt</filename>, and prepares it for use as the system "
485
"certificate store."
7156 jlepiller 486
msgstr ""
7202 jlepiller 487
"est un script shell qui adapte une version actuelle de "
7197 jlepiller 488
"<filename>certdata.txt</filename> et le prépare pour l'utiliser comme "
7196 jlepiller 489
"magasin de certificat du système."
7156 jlepiller 490
 
7165 jlepiller 491
#. type: Content of:
492
#. <sect1><sect2><variablelist><varlistentry><listitem><indexterm><primary>
7202 jlepiller 493
#: blfs-en/postlfs/security/cacerts.xml:220
7156 jlepiller 494
msgid "make-ca"
495
msgstr "make-ca"
496
 
7202 jlepiller 497
#~ msgid "65c6cbbb11e6d124b047f4aa0dcb2808"
498
#~ msgstr "65c6cbbb11e6d124b047f4aa0dcb2808"
7156 jlepiller 499
 
7202 jlepiller 500
#~ msgid "fbc5687ce7fd5533edbb4e616a1080de"
501
#~ msgstr "fbc5687ce7fd5533edbb4e616a1080de"
502
 
503
#~ msgid "487ca7ce6f7b81b3e46362138f93310c"
504
#~ msgstr "487ca7ce6f7b81b3e46362138f93310c"
505
 
506
#~ msgid "1.4 MB"
507
#~ msgstr "1.4 Mo"
508
 
509
#~ msgid "0.1 SBU"
510
#~ msgstr "0.1 SBU"
511
 
512
#~ msgid ""
513
#~ "The Public Key Infrastructure is used for many security features in a Linux "
514
#~ "system.  In order for a certificate to be trusted, it must be signed by a "
515
#~ "trusted agent called a Certificate Authority (CA). The certificates "
516
#~ "installed in this section are obtained from the Mozilla version control "
517
#~ "system, and reformatted for use by <xref linkend='openssl'/> and <xref "
518
#~ "linkend='gnutls'/>. The certificates can also be used by other applications,"
519
#~ " either directly or indirectly by linking to one of these packages."
520
#~ msgstr ""
521
#~ "La <foreignphrase>Public Key Infrastructure</foreignphrase> (infrastructure "
522
#~ "de clés publiques) est utilisée dans de nombreux cas de sécurité sur un "
523
#~ "système Linux. Pour qu'un certificat soit fiable, il doit être signé par un "
524
#~ "agent de confiance, qu'on appelle l'autorité de certification "
525
#~ "(<foreignphrase>Certificate Authority</foreignphrase>) (CA).  Les "
526
#~ "certificats chargés dans cette section sont issus de la liste du système de "
527
#~ "contrôle de Mozilla et elle est formatée dans une forme utilisée par <xref "
528
#~ "linkend=\"openssl\"/> et <xref linkend='gnutls'/>.  Les certificats peuvent "
529
#~ "également être utilisés par d'autres applications, directement ou "
530
#~ "indirectement via <application>openssl</application>."
531
 
532
#~ msgid ""
533
#~ "The <application>make-ca.sh</application> script will download a set of "
534
#~ "certificates from one of five projects (aurora, beta, central, nss, or "
535
#~ "release) in the Mozialla version control system. It defaults to the release "
536
#~ "branch, which is identical to the version that ships with the Mozilla "
537
#~ "products in this book. If you'd like to change the branch that is retrieved,"
538
#~ " edit the file and set <envar>CERTSOURCE</envar> to one of the five values "
539
#~ "above."
540
#~ msgstr ""
541
#~ "Le script <application>make-ca.sh</application> téléchargement un ensemble "
542
#~ "de certificats depuis l'un des cinq projets (aurora, beta, central, nss ou "
543
#~ "release) du système de contrôle de version de Mozilla. Il est réglé par "
544
#~ "défaut sur la branche release, qui est identique à la version qui vient avec"
545
#~ " les produits Mozilla de ce livre. Si vous préférez changer la branche qui "
546
#~ "est récupérée, modifiez le fichier et mettez <envar>CERTSOURCE</envar> à "
547
#~ "l'une des cinq valeurs ci-dessus."
548
 
549
#~ msgid ""
550
#~ "Additionally, any local certificates stored in "
551
#~ "<filename>/etc/ssl/local</filename> will be copied into both the single-file"
552
#~ " <filename>/etc/ssl/ca-bundle.crt</filename> (used by programs that link to "
553
#~ "<application>gnutls</application>), and into the certificate store directory"
554
#~ " <filename>/etc/ssl/certs</filename> (used by programs that link to "
555
#~ "<application>OpenSSL</application>). All certificates will pass a date and "
556
#~ "trust validation, and any existing certificates in <filename>/etc/ssl/ca-"
557
#~ "bundle.crt</filename> or <filename>/etc/ssl/certs</filename> will be removed"
558
#~ " upon successful completion of this script."
559
#~ msgstr ""
560
#~ "De plus, tout certificat local stocké dans "
561
#~ "<filename>/etc/ssl/local</filename> sera copié dans le fichier "
562
#~ "<filename>/etc/ssl/ca-bundle.crt</filename> (utilisé par les programmes qui "
563
#~ "se lient à <application>gnutls</application>) et dans le répertoire du "
564
#~ "magasin de certificats <filename>/etc/ssl/certs</filename> (utilisé par les "
565
#~ "programmes qui se lient à <application>OpenSSL</application>). Tous les "
566
#~ "certificats passeront un test de validation de leur date et de leur "
567
#~ "confiance, et tout certificat existant dans <filename>/etc/ssl/ca-"
568
#~ "bundle.crt</filename> ou <filename>/etc/ssl-certs</filename> sera supprimé à"
569
#~ " la fin de ce script si tout va bien."
570
 
571
#~ msgid ""
572
#~ "Finally, if you've installed <xref linkend=\"java\"/> or <xref "
573
#~ "linkend=\"openjdk\"/>, then it will also update the java cacerts file at "
574
#~ "<filename>/etc/ssl/java/cacerts</filename>."
575
#~ msgstr ""
576
#~ "Enfin, si vous avez installé <xref linkend=\"java\"/> ou <xref "
577
#~ "linkend=\"openjdk\"/>, il mettra aussi à jour le fichier cacerts de java "
578
#~ "dans <filename>/etc/ssl/java/cacerts</filename>."
579
 
580
#~ msgid ""
581
#~ "<userinput>install -vdm755 /etc/ssl/{certs,java,local} &amp;&amp;\n"
582
#~ "/usr/sbin/make-ca.sh\n"
583
#~ "</userinput>"
584
#~ msgstr ""
585
#~ "<userinput>install -vdm755 /etc/ssl/{certs,java,local} &amp;&amp;\n"
586
#~ "/usr/sbin/make-ca.sh\n"
587
#~ "</userinput>"
588
 
7193 jlepiller 589
#~ msgid "/mozilla/source/security/nss/lib/ckfw/builtins"
590
#~ msgstr "/mozilla/source/security/nss/lib/ckfw/builtins"
7156 jlepiller 591
 
7193 jlepiller 592
#~ msgid "6 MB"
593
#~ msgstr "6 Mio"
7156 jlepiller 594
 
7193 jlepiller 595
#~ msgid ""
596
#~ "The certfile.txt file above is actually retrieved from <ulink "
597
#~ "url=\"https://hg.mozilla.org/releases/mozilla-"
598
#~ "release/file/default/security/nss/lib/ckfw/builtins/certdata.txt\"/>.  It is"
599
#~ " really an HTML file, but the text file can be retrieved indirectly from the"
600
#~ " HTML file.  The Download URL above automates that process and also adds a "
601
#~ "line where the date can be extracted as a revision number by the scripts "
602
#~ "below."
603
#~ msgstr ""
604
#~ "Le fichier certfile.txt dessous est en fait récupéré depuis <ulink "
605
#~ "url=\"https://hg.mozilla.org/releases/mozilla-"
606
#~ "release/file/default/security/nss/lib/ckfw/builtins/certdata.txt\"/>.  C'est"
607
#~ " en fait un fichier HTML, mais le fichier texte peut être pris indirectement"
608
#~ " depuis le fichier HTML. L'URL dessous automatise ce processus et ajoute "
609
#~ "aussi une ligne où la date peut être extraite en tant que numéro de révision"
610
#~ " par le script."
611
 
612
#~ msgid "Recommended"
613
#~ msgstr "Recommandées"
614
 
615
#~ msgid ""
616
#~ "<userinput>cat > /usr/bin/make-cert.pl &lt;&lt; \"EOF\"\n"
617
#~ "<literal>#!/usr/bin/perl -w\n"
618
#~ "\n"
619
#~ "# Used to generate PEM encoded files from Mozilla certdata.txt.\n"
620
#~ "# Run as ./make-cert.pl > certificate.crt\n"
621
#~ "#\n"
622
#~ "# Parts of this script courtesy of RedHat (mkcabundle.pl)\n"
623
#~ "#\n"
624
#~ "# This script modified for use with single file data (tempfile.cer) extracted\n"
625
#~ "# from certdata.txt, taken from the latest version in the Mozilla NSS source.\n"
626
#~ "# mozilla/security/nss/lib/ckfw/builtins/certdata.txt\n"
627
#~ "#\n"
628
#~ "# Authors: DJ Lucas\n"
629
#~ "#          Bruce Dubbs\n"
630
#~ "#\n"
631
#~ "# Version 20120211\n"
632
#~ "\n"
633
#~ "my $certdata = './tempfile.cer';\n"
634
#~ "\n"
635
#~ "open( IN, \"cat $certdata|\" )\n"
636
#~ "    || die \"could not open $certdata\";\n"
637
#~ "\n"
638
#~ "my $incert = 0;\n"
639
#~ "\n"
640
#~ "while ( &lt;IN&gt; )\n"
641
#~ "{\n"
642
#~ "    if ( /^CKA_VALUE MULTILINE_OCTAL/ )\n"
643
#~ "    {\n"
644
#~ "        $incert = 1;\n"
645
#~ "        open( OUT, \"|openssl x509 -text -inform DER -fingerprint\" )\n"
646
#~ "            || die \"could not pipe to openssl x509\";\n"
647
#~ "    }\n"
648
#~ "\n"
649
#~ "    elsif ( /^END/ &amp;&amp; $incert )\n"
650
#~ "    {\n"
651
#~ "        close( OUT );\n"
652
#~ "        $incert = 0;\n"
653
#~ "        print \"\\n\\n\";\n"
654
#~ "    }\n"
655
#~ "\n"
656
#~ "    elsif ($incert)\n"
657
#~ "    {\n"
658
#~ "        my @bs = split( /\\\\/ );\n"
659
#~ "        foreach my $b (@bs)\n"
660
#~ "        {\n"
661
#~ "            chomp $b;\n"
662
#~ "            printf( OUT \"%c\", oct($b) ) unless $b eq '';\n"
663
#~ "        }\n"
664
#~ "    }\n"
665
#~ "}</literal>\n"
666
#~ "EOF\n"
667
#~ "\n"
668
#~ "chmod +x /usr/bin/make-cert.pl</userinput>"
669
#~ msgstr ""
670
#~ "<userinput>cat > /usr/bin/make-cert.pl &lt;&lt; \"EOF\"\n"
671
#~ "<literal>#!/usr/bin/perl -w\n"
672
#~ "\n"
673
#~ "# Used to generate PEM encoded files from Mozilla certdata.txt.\n"
674
#~ "# Run as ./make-cert.pl > certificate.crt\n"
675
#~ "#\n"
676
#~ "# Parts of this script courtesy of RedHat (mkcabundle.pl)\n"
677
#~ "#\n"
678
#~ "# This script modified for use with single file data (tempfile.cer) extracted\n"
679
#~ "# from certdata.txt, taken from the latest version in the Mozilla NSS source.\n"
680
#~ "# mozilla/security/nss/lib/ckfw/builtins/certdata.txt\n"
681
#~ "#\n"
682
#~ "# Authors: DJ Lucas\n"
683
#~ "#          Bruce Dubbs\n"
684
#~ "#\n"
685
#~ "# Version 20120211\n"
686
#~ "\n"
687
#~ "my $certdata = './tempfile.cer';\n"
688
#~ "\n"
689
#~ "open( IN, \"cat $certdata|\" )\n"
690
#~ "    || die \"could not open $certdata\";\n"
691
#~ "\n"
692
#~ "my $incert = 0;\n"
693
#~ "\n"
694
#~ "while ( &lt;IN&gt; )\n"
695
#~ "{\n"
696
#~ "    if ( /^CKA_VALUE MULTILINE_OCTAL/ )\n"
697
#~ "    {\n"
698
#~ "        $incert = 1;\n"
699
#~ "        open( OUT, \"|openssl x509 -text -inform DER -fingerprint\" )\n"
700
#~ "            || die \"could not pipe to openssl x509\";\n"
701
#~ "    }\n"
702
#~ "\n"
703
#~ "    elsif ( /^END/ &amp;&amp; $incert )\n"
704
#~ "    {\n"
705
#~ "        close( OUT );\n"
706
#~ "        $incert = 0;\n"
707
#~ "        print \"\\n\\n\";\n"
708
#~ "    }\n"
709
#~ "\n"
710
#~ "    elsif ($incert)\n"
711
#~ "    {\n"
712
#~ "        my @bs = split( /\\\\/ );\n"
713
#~ "        foreach my $b (@bs)\n"
714
#~ "        {\n"
715
#~ "            chomp $b;\n"
716
#~ "            printf( OUT \"%c\", oct($b) ) unless $b eq '';\n"
717
#~ "        }\n"
718
#~ "    }\n"
719
#~ "}</literal>\n"
720
#~ "EOF\n"
721
#~ "\n"
722
#~ "chmod +x /usr/bin/make-cert.pl</userinput>"
723
 
724
#~ msgid ""
725
#~ "The following script creates the certificates and a bundle of all the "
726
#~ "certificates.  It creates a <filename class='directory'>./certs</filename> "
727
#~ "directory and <filename>./BLFS-ca-bundle-${VERSION}.crt</filename>.  Again "
728
#~ "create this script as the <systemitem class=\"username\">root</systemitem> "
729
#~ "user:"
730
#~ msgstr ""
731
#~ "Le script suivant crée les certificats et un bouquet de tous les "
732
#~ "certificats. Il crée un répertoire <filename "
733
#~ "class='directory'>./certs</filename> et <filename>./BLFS-ca-"
734
#~ "bundle-${VERSION}.crt</filename>.  Créez de nouveau ce script en tant "
735
#~ "qu'utilisateur <systemitem class=\"username\">root</systemitem>&nbsp;:"
736
 
737
#~ msgid ""
738
#~ "<userinput>cat > /usr/bin/make-ca.sh &lt;&lt; \"EOF\"\n"
739
#~ "<literal>#!/bin/sh\n"
740
#~ "# Begin make-ca.sh\n"
741
#~ "# Script to populate OpenSSL's CApath from a bundle of PEM formatted CAs\n"
742
#~ "#\n"
743
#~ "# The file certdata.txt must exist in the local directory\n"
744
#~ "# Version number is obtained from the version of the data.\n"
745
#~ "#\n"
746
#~ "# Authors: DJ Lucas\n"
747
#~ "#          Bruce Dubbs\n"
748
#~ "#\n"
749
#~ "# Version 20120211\n"
750
#~ "\n"
751
#~ "# Some data in the certs have UTF-8 characters\n"
752
#~ "export LANG=en_US.utf8\n"
753
#~ "\n"
754
#~ "certdata=\"certdata.txt\"\n"
755
#~ "\n"
756
#~ "if [ ! -r $certdata ]; then\n"
757
#~ "  echo \"$certdata must be in the local directory\"\n"
758
#~ "  exit 1\n"
759
#~ "fi\n"
760
#~ "\n"
761
#~ "REVISION=$(grep CVS_ID $certdata | cut -f4 -d'$')\n"
762
#~ "\n"
763
#~ "if [ -z \"${REVISION}\" ]; then\n"
764
#~ "  echo \"$certfile has no 'Revision' in CVS_ID\"\n"
765
#~ "  exit 1\n"
766
#~ "fi\n"
767
#~ "\n"
768
#~ "VERSION=$(echo $REVISION | cut -f2 -d\" \")\n"
769
#~ "\n"
770
#~ "TEMPDIR=$(mktemp -d)\n"
771
#~ "TRUSTATTRIBUTES=\"CKA_TRUST_SERVER_AUTH\"\n"
772
#~ "BUNDLE=\"BLFS-ca-bundle-${VERSION}.crt\"\n"
773
#~ "CONVERTSCRIPT=\"/usr/bin/make-cert.pl\"\n"
774
#~ "SSLDIR=\"/etc/ssl\"\n"
775
#~ "\n"
776
#~ "mkdir \"${TEMPDIR}/certs\"\n"
777
#~ "\n"
778
#~ "# Get a list of starting lines for each cert\n"
779
#~ "CERTBEGINLIST=$(grep -n \"^# Certificate\" \"${certdata}\" | cut -d \":\" -f1)\n"
780
#~ "\n"
781
#~ "# Get a list of ending lines for each cert\n"
782
#~ "CERTENDLIST=`grep -n \"^CKA_TRUST_STEP_UP_APPROVED\" \"${certdata}\" | cut -d \":\" -f 1`\n"
783
#~ "\n"
784
#~ "# Start a loop\n"
785
#~ "for certbegin in ${CERTBEGINLIST}; do\n"
786
#~ "  for certend in ${CERTENDLIST}; do\n"
787
#~ "    if test \"${certend}\" -gt \"${certbegin}\"; then\n"
788
#~ "      break\n"
789
#~ "    fi\n"
790
#~ "  done\n"
791
#~ "\n"
792
#~ "  # Dump to a temp file with the name of the file as the beginning line number\n"
793
#~ "  sed -n \"${certbegin},${certend}p\" \"${certdata}\" > \"${TEMPDIR}/certs/${certbegin}.tmp\"\n"
794
#~ "done\n"
795
#~ "\n"
796
#~ "unset CERTBEGINLIST CERTDATA CERTENDLIST certbegin certend\n"
797
#~ "\n"
798
#~ "mkdir -p certs\n"
799
#~ "rm -f certs/*      # Make sure the directory is clean\n"
800
#~ "\n"
801
#~ "for tempfile in ${TEMPDIR}/certs/*.tmp; do\n"
802
#~ "  # Make sure that the cert is trusted...\n"
803
#~ "  grep \"CKA_TRUST_SERVER_AUTH\" \"${tempfile}\" | \\\n"
804
#~ "    egrep \"TRUST_UNKNOWN|NOT_TRUSTED\" > /dev/null\n"
805
#~ "\n"
806
#~ "  if test \"${?}\" = \"0\"; then\n"
807
#~ "    # Throw a meaningful error and remove the file\n"
808
#~ "    cp \"${tempfile}\" tempfile.cer\n"
809
#~ "    perl ${CONVERTSCRIPT} > tempfile.crt\n"
810
#~ "    keyhash=$(openssl x509 -noout -in tempfile.crt -hash)\n"
811
#~ "    echo \"Certificate ${keyhash} is not trusted!  Removing...\"\n"
812
#~ "    rm -f tempfile.cer tempfile.crt \"${tempfile}\"\n"
813
#~ "    continue\n"
814
#~ "  fi\n"
815
#~ "\n"
816
#~ "  # If execution made it to here in the loop, the temp cert is trusted\n"
817
#~ "  # Find the cert data and generate a cert file for it\n"
818
#~ "\n"
819
#~ "  cp \"${tempfile}\" tempfile.cer\n"
820
#~ "  perl ${CONVERTSCRIPT} > tempfile.crt\n"
821
#~ "  keyhash=$(openssl x509 -noout -in tempfile.crt -hash)\n"
822
#~ "  mv tempfile.crt \"certs/${keyhash}.pem\"\n"
823
#~ "  rm -f tempfile.cer \"${tempfile}\"\n"
824
#~ "  echo \"Created ${keyhash}.pem\"\n"
825
#~ "done\n"
826
#~ "\n"
827
#~ "# Remove blacklisted files\n"
828
#~ "# MD5 Collision Proof of Concept CA\n"
829
#~ "if test -f certs/8f111d69.pem; then\n"
830
#~ "  echo \"Certificate 8f111d69 is not trusted!  Removing...\"\n"
831
#~ "  rm -f certs/8f111d69.pem\n"
832
#~ "fi\n"
833
#~ "\n"
834
#~ "# Finally, generate the bundle and clean up.\n"
835
#~ "cat certs/*.pem >  ${BUNDLE}\n"
836
#~ "rm -r \"${TEMPDIR}\"</literal>\n"
837
#~ "EOF\n"
838
#~ "\n"
839
#~ "chmod +x /usr/bin/make-ca.sh</userinput>"
840
#~ msgstr ""
841
#~ "<userinput>cat > /usr/bin/make-ca.sh &lt;&lt; \"EOF\"\n"
842
#~ "<literal>#!/bin/sh\n"
843
#~ "# Begin make-ca.sh\n"
844
#~ "# Script to populate OpenSSL's CApath from a bundle of PEM formatted CAs\n"
845
#~ "#\n"
846
#~ "# The file certdata.txt must exist in the local directory\n"
847
#~ "# Version number is obtained from the version of the data.\n"
848
#~ "#\n"
849
#~ "# Authors: DJ Lucas\n"
850
#~ "#          Bruce Dubbs\n"
851
#~ "#\n"
852
#~ "# Version 20120211\n"
853
#~ "\n"
854
#~ "# Some data in the certs have UTF-8 characters\n"
855
#~ "export LANG=en_US.utf8\n"
856
#~ "\n"
857
#~ "certdata=\"certdata.txt\"\n"
858
#~ "\n"
859
#~ "if [ ! -r $certdata ]; then\n"
860
#~ "  echo \"$certdata must be in the local directory\"\n"
861
#~ "  exit 1\n"
862
#~ "fi\n"
863
#~ "\n"
864
#~ "REVISION=$(grep CVS_ID $certdata | cut -f4 -d'$')\n"
865
#~ "\n"
866
#~ "if [ -z \"${REVISION}\" ]; then\n"
867
#~ "  echo \"$certfile has no 'Revision' in CVS_ID\"\n"
868
#~ "  exit 1\n"
869
#~ "fi\n"
870
#~ "\n"
871
#~ "VERSION=$(echo $REVISION | cut -f2 -d\" \")\n"
872
#~ "\n"
873
#~ "TEMPDIR=$(mktemp -d)\n"
874
#~ "TRUSTATTRIBUTES=\"CKA_TRUST_SERVER_AUTH\"\n"
875
#~ "BUNDLE=\"BLFS-ca-bundle-${VERSION}.crt\"\n"
876
#~ "CONVERTSCRIPT=\"/usr/bin/make-cert.pl\"\n"
877
#~ "SSLDIR=\"/etc/ssl\"\n"
878
#~ "\n"
879
#~ "mkdir \"${TEMPDIR}/certs\"\n"
880
#~ "\n"
881
#~ "# Get a list of starting lines for each cert\n"
882
#~ "CERTBEGINLIST=$(grep -n \"^# Certificate\" \"${certdata}\" | cut -d \":\" -f1)\n"
883
#~ "\n"
884
#~ "# Get a list of ending lines for each cert\n"
885
#~ "CERTENDLIST=`grep -n \"^CKA_TRUST_STEP_UP_APPROVED\" \"${certdata}\" | cut -d \":\" -f 1`\n"
886
#~ "\n"
887
#~ "# Start a loop\n"
888
#~ "for certbegin in ${CERTBEGINLIST}; do\n"
889
#~ "  for certend in ${CERTENDLIST}; do\n"
890
#~ "    if test \"${certend}\" -gt \"${certbegin}\"; then\n"
891
#~ "      break\n"
892
#~ "    fi\n"
893
#~ "  done\n"
894
#~ "\n"
895
#~ "  # Dump to a temp file with the name of the file as the beginning line number\n"
896
#~ "  sed -n \"${certbegin},${certend}p\" \"${certdata}\" > \"${TEMPDIR}/certs/${certbegin}.tmp\"\n"
897
#~ "done\n"
898
#~ "\n"
899
#~ "unset CERTBEGINLIST CERTDATA CERTENDLIST certbegin certend\n"
900
#~ "\n"
901
#~ "mkdir -p certs\n"
902
#~ "rm -f certs/*      # Make sure the directory is clean\n"
903
#~ "\n"
904
#~ "for tempfile in ${TEMPDIR}/certs/*.tmp; do\n"
905
#~ "  # Make sure that the cert is trusted...\n"
906
#~ "  grep \"CKA_TRUST_SERVER_AUTH\" \"${tempfile}\" | \\\n"
907
#~ "    egrep \"TRUST_UNKNOWN|NOT_TRUSTED\" > /dev/null\n"
908
#~ "\n"
909
#~ "  if test \"${?}\" = \"0\"; then\n"
910
#~ "    # Throw a meaningful error and remove the file\n"
911
#~ "    cp \"${tempfile}\" tempfile.cer\n"
912
#~ "    perl ${CONVERTSCRIPT} > tempfile.crt\n"
913
#~ "    keyhash=$(openssl x509 -noout -in tempfile.crt -hash)\n"
914
#~ "    echo \"Certificate ${keyhash} is not trusted!  Removing...\"\n"
915
#~ "    rm -f tempfile.cer tempfile.crt \"${tempfile}\"\n"
916
#~ "    continue\n"
917
#~ "  fi\n"
918
#~ "\n"
919
#~ "  # If execution made it to here in the loop, the temp cert is trusted\n"
920
#~ "  # Find the cert data and generate a cert file for it\n"
921
#~ "\n"
922
#~ "  cp \"${tempfile}\" tempfile.cer\n"
923
#~ "  perl ${CONVERTSCRIPT} > tempfile.crt\n"
924
#~ "  keyhash=$(openssl x509 -noout -in tempfile.crt -hash)\n"
925
#~ "  mv tempfile.crt \"certs/${keyhash}.pem\"\n"
926
#~ "  rm -f tempfile.cer \"${tempfile}\"\n"
927
#~ "  echo \"Created ${keyhash}.pem\"\n"
928
#~ "done\n"
929
#~ "\n"
930
#~ "# Remove blacklisted files\n"
931
#~ "# MD5 Collision Proof of Concept CA\n"
932
#~ "if test -f certs/8f111d69.pem; then\n"
933
#~ "  echo \"Certificate 8f111d69 is not trusted!  Removing...\"\n"
934
#~ "  rm -f certs/8f111d69.pem\n"
935
#~ "fi\n"
936
#~ "\n"
937
#~ "# Finally, generate the bundle and clean up.\n"
938
#~ "cat certs/*.pem >  ${BUNDLE}\n"
939
#~ "rm -r \"${TEMPDIR}\"</literal>\n"
940
#~ "EOF\n"
941
#~ "\n"
942
#~ "chmod +x /usr/bin/make-ca.sh</userinput>"
943
 
944
#~ msgid ""
945
#~ "Add a short script to remove expired certificates from a directory.  Again "
946
#~ "create this script as the <systemitem class=\"username\">root</systemitem> "
947
#~ "user:"
948
#~ msgstr ""
949
#~ "Ajoutez un script bref pour supprimer les certificats expirés d'un "
950
#~ "répertoire. Créez de nouveau ce script en tant qu'utilisateur <systemitem "
951
#~ "class=\"username\">root</systemitem>&nbsp;:"
952
 
953
#~ msgid ""
954
#~ "<userinput>cat > /usr/sbin/remove-expired-certs.sh &lt;&lt; \"EOF\"\n"
955
#~ "<literal>#!/bin/sh\n"
956
#~ "# Begin /usr/sbin/remove-expired-certs.sh\n"
957
#~ "#\n"
958
#~ "# Version 20120211\n"
959
#~ "\n"
960
#~ "# Make sure the date is parsed correctly on all systems\n"
961
#~ "mydate()\n"
962
#~ "{\n"
963
#~ "  local y=$( echo $1 | cut -d\" \" -f4 )\n"
964
#~ "  local M=$( echo $1 | cut -d\" \" -f1 )\n"
965
#~ "  local d=$( echo $1 | cut -d\" \" -f2 )\n"
966
#~ "  local m\n"
967
#~ "\n"
968
#~ "  if [ ${d} -lt 10 ]; then d=\"0${d}\"; fi\n"
969
#~ "\n"
970
#~ "  case $M in\n"
971
#~ "    Jan) m=\"01\";;\n"
972
#~ "    Feb) m=\"02\";;\n"
973
#~ "    Mar) m=\"03\";;\n"
974
#~ "    Apr) m=\"04\";;\n"
975
#~ "    May) m=\"05\";;\n"
976
#~ "    Jun) m=\"06\";;\n"
977
#~ "    Jul) m=\"07\";;\n"
978
#~ "    Aug) m=\"08\";;\n"
979
#~ "    Sep) m=\"09\";;\n"
980
#~ "    Oct) m=\"10\";;\n"
981
#~ "    Nov) m=\"11\";;\n"
982
#~ "    Dec) m=\"12\";;\n"
983
#~ "  esac\n"
984
#~ "\n"
985
#~ "  certdate=\"${y}${m}${d}\"\n"
986
#~ "}\n"
987
#~ "\n"
988
#~ "OPENSSL=/usr/bin/openssl\n"
989
#~ "DIR=/etc/ssl/certs\n"
990
#~ "\n"
991
#~ "if [ $# -gt 0 ]; then\n"
992
#~ "  DIR=\"$1\"\n"
993
#~ "fi\n"
994
#~ "\n"
995
#~ "certs=$( find ${DIR} -type f -name \"*.pem\" -o -name \"*.crt\" )\n"
996
#~ "today=$( date +%Y%m%d )\n"
997
#~ "\n"
998
#~ "for cert in $certs; do\n"
999
#~ "  notafter=$( $OPENSSL x509 -enddate -in \"${cert}\" -noout )\n"
1000
#~ "  date=$( echo ${notafter} |  sed 's/^notAfter=//' )\n"
1001
#~ "  mydate \"$date\"\n"
1002
#~ "\n"
1003
#~ "  if [ ${certdate} -lt ${today} ]; then\n"
1004
#~ "     echo \"${cert} expired on ${certdate}! Removing...\"\n"
1005
#~ "     rm -f \"${cert}\"\n"
1006
#~ "  fi\n"
1007
#~ "done</literal>\n"
1008
#~ "EOF\n"
1009
#~ "\n"
1010
#~ "chmod u+x /usr/sbin/remove-expired-certs.sh</userinput>"
1011
#~ msgstr ""
1012
#~ "<userinput>cat > /usr/sbin/remove-expired-certs.sh &lt;&lt; \"EOF\"\n"
1013
#~ "<literal>#!/bin/sh\n"
1014
#~ "# Begin /usr/sbin/remove-expired-certs.sh\n"
1015
#~ "#\n"
1016
#~ "# Version 20120211\n"
1017
#~ "\n"
1018
#~ "# Make sure the date is parsed correctly on all systems\n"
1019
#~ "mydate()\n"
1020
#~ "{\n"
1021
#~ "  local y=$( echo $1 | cut -d\" \" -f4 )\n"
1022
#~ "  local M=$( echo $1 | cut -d\" \" -f1 )\n"
1023
#~ "  local d=$( echo $1 | cut -d\" \" -f2 )\n"
1024
#~ "  local m\n"
1025
#~ "\n"
1026
#~ "  if [ ${d} -lt 10 ]; then d=\"0${d}\"; fi\n"
1027
#~ "\n"
1028
#~ "  case $M in\n"
1029
#~ "    Jan) m=\"01\";;\n"
1030
#~ "    Feb) m=\"02\";;\n"
1031
#~ "    Mar) m=\"03\";;\n"
1032
#~ "    Apr) m=\"04\";;\n"
1033
#~ "    May) m=\"05\";;\n"
1034
#~ "    Jun) m=\"06\";;\n"
1035
#~ "    Jul) m=\"07\";;\n"
1036
#~ "    Aug) m=\"08\";;\n"
1037
#~ "    Sep) m=\"09\";;\n"
1038
#~ "    Oct) m=\"10\";;\n"
1039
#~ "    Nov) m=\"11\";;\n"
1040
#~ "    Dec) m=\"12\";;\n"
1041
#~ "  esac\n"
1042
#~ "\n"
1043
#~ "  certdate=\"${y}${m}${d}\"\n"
1044
#~ "}\n"
1045
#~ "\n"
1046
#~ "OPENSSL=/usr/bin/openssl\n"
1047
#~ "DIR=/etc/ssl/certs\n"
1048
#~ "\n"
1049
#~ "if [ $# -gt 0 ]; then\n"
1050
#~ "  DIR=\"$1\"\n"
1051
#~ "fi\n"
1052
#~ "\n"
1053
#~ "certs=$( find ${DIR} -type f -name \"*.pem\" -o -name \"*.crt\" )\n"
1054
#~ "today=$( date +%Y%m%d )\n"
1055
#~ "\n"
1056
#~ "for cert in $certs; do\n"
1057
#~ "  notafter=$( $OPENSSL x509 -enddate -in \"${cert}\" -noout )\n"
1058
#~ "  date=$( echo ${notafter} |  sed 's/^notAfter=//' )\n"
1059
#~ "  mydate \"$date\"\n"
1060
#~ "\n"
1061
#~ "  if [ ${certdate} -lt ${today} ]; then\n"
1062
#~ "     echo \"${cert} expired on ${certdate}! Removing...\"\n"
1063
#~ "     rm -f \"${cert}\"\n"
1064
#~ "  fi\n"
1065
#~ "done</literal>\n"
1066
#~ "EOF\n"
1067
#~ "\n"
1068
#~ "chmod u+x /usr/sbin/remove-expired-certs.sh</userinput>"
1069
 
1070
#~ msgid ""
1071
#~ "The following commands will fetch the certificates and convert them to the "
1072
#~ "correct format.  If desired, a web browser may be used instead of "
1073
#~ "<application>wget</application> but the file will need to be saved with the "
1074
#~ "name <filename>certdata.txt</filename>.  These commands can be repeated as "
1075
#~ "necessary to update the CA Certificates."
1076
#~ msgstr ""
1077
#~ "Les commandes suivantes récupéreront les certificats et les convertiront "
1078
#~ "dans le bon format.  Si vous le désirez, vous pouvez utiliser un navigateur "
1079
#~ "Internet plutôt que <application>wget</application> mais le fichier devra "
1080
#~ "être enregistré sous le nom <filename>certdata.txt</filename>.  Ces "
1081
#~ "commandes peuvent être répétées autant de fois que nécessaire pour mettre à "
1082
#~ "jour les Certificats CA."
1083
 
1084
#~ msgid ""
1085
#~ "<userinput>URL=&sources-anduin-http;/other/certdata.txt &amp;&amp;\n"
1086
#~ "rm -f certdata.txt &amp;&amp;\n"
1087
#~ "wget $URL          &amp;&amp;\n"
1088
#~ "make-ca.sh         &amp;&amp;\n"
1089
#~ "unset URL</userinput>"
1090
#~ msgstr ""
1091
#~ "<userinput>URL=&sources-anduin-http;/other/certdata.txt &amp;&amp;\n"
1092
#~ "rm -f certdata.txt &amp;&amp;\n"
1093
#~ "wget $URL          &amp;&amp;\n"
1094
#~ "make-ca.sh         &amp;&amp;\n"
1095
#~ "unset URL</userinput>"
1096
 
1097
#~ msgid ""
1098
#~ "<userinput>SSLDIR=/etc/ssl                                              &amp;&amp;\n"
1099
#~ "remove-expired-certs.sh certs                                &amp;&amp;\n"
1100
#~ "install -d ${SSLDIR}/certs                                   &amp;&amp;\n"
1101
#~ "cp -v certs/*.pem ${SSLDIR}/certs                            &amp;&amp;\n"
1102
#~ "c_rehash                                                     &amp;&amp;\n"
1103
#~ "install BLFS-ca-bundle*.crt ${SSLDIR}/ca-bundle.crt          &amp;&amp;\n"
1104
#~ "ln -sfv ../ca-bundle.crt ${SSLDIR}/certs/ca-certificates.crt &amp;&amp;\n"
1105
#~ "unset SSLDIR</userinput>"
1106
#~ msgstr ""
1107
#~ "<userinput>SSLDIR=/etc/ssl                                              &amp;&amp;\n"
1108
#~ "remove-expired-certs.sh certs                                &amp;&amp;\n"
1109
#~ "install -d ${SSLDIR}/certs                                   &amp;&amp;\n"
1110
#~ "cp -v certs/*.pem ${SSLDIR}/certs                            &amp;&amp;\n"
1111
#~ "c_rehash                                                     &amp;&amp;\n"
1112
#~ "install BLFS-ca-bundle*.crt ${SSLDIR}/ca-bundle.crt          &amp;&amp;\n"
1113
#~ "ln -sfv ../ca-bundle.crt ${SSLDIR}/certs/ca-certificates.crt &amp;&amp;\n"
1114
#~ "unset SSLDIR</userinput>"
1115
 
1116
#~ msgid "Finally, clean up the current directory:"
1117
#~ msgstr "Enfin, nettoyez le répertoire courant&nbsp;:"
1118
 
1119
#~ msgid "<userinput>rm -r certs BLFS-ca-bundle*</userinput>"
1120
#~ msgstr "<userinput>rm -r certs BLFS-ca-bundle*</userinput>"
1121
 
1122
#~ msgid ""
1123
#~ "After installing or updating certificates, if OpenJDK is installed, update "
1124
#~ "the certificates for Java using the procedures at <xref linkend='ojdk-"
1125
#~ "certs'/>."
1126
#~ msgstr ""
1127
#~ "Après l'installation ou la mise à jour des certificats, si OpenJDK est "
1128
#~ "installé, mettez à jour les certificats pour Java en utilisant la procédure "
1129
#~ "dans <xref linkend=\"ojdk-certs\"/>."
1130
 
1131
#~ msgid "make-ca.sh, make-cert.pl and remove-expired-certs.sh"
1132
#~ msgstr "make-ca.sh, make-cert.pl et remove-expired-certs.sh"
1133
 
1134
#~ msgid "<command>make-cert.pl</command>"
1135
#~ msgstr "<command>make-cert.pl</command>"
1136
 
1137
#~ msgid ""
1138
#~ "is a utility <application>perl</application> script that converts a single "
1139
#~ "binary certificate (.der format) into .pem format."
1140
#~ msgstr ""
1141
#~ "est un script <application>perl</application> qui convertit un certificat "
1142
#~ "binaire unique (format .der) au format .pem."
1143
 
1144
#~ msgid "make-cert"
1145
#~ msgstr "make-cert"
1146
 
1147
#~ msgid "<command>remove-expired-certs.sh</command>"
1148
#~ msgstr "<command>remove-expired-certs.sh</command>"
1149
 
1150
#~ msgid ""
1151
#~ "is a utility shell script that removes expired certificates from a "
1152
#~ "directory.  The default directory is <filename "
1153
#~ "class='directory'>/etc/ssl/certs</filename>."
1154
#~ msgstr ""
1155
#~ "est un script shell qui supprime les certificats expirés d'un répertoire. Le"
1156
#~ " répertoire par défaut est <filename "
1157
#~ "class='directory'>/etc/ssl/certs</filename>."
1158
 
1159
#~ msgid "remove-expired-certs"
1160
#~ msgstr "remove-expired-certs"