Rev 7310 | Rev 7318 | Go to most recent revision | Details | Compare with Previous | Last modification | View Log | RSS feed
| Rev | Author | Line No. | Line |
|---|---|---|---|
| 7156 | jlepiller | 1 | # SOME DESCRIPTIVE TITLE |
| 2 | # Copyright (C) YEAR Free Software Foundation, Inc. |
||
| 3 | # This file is distributed under the same license as the PACKAGE package. |
||
| 4 | # FIRST AUTHOR <EMAIL@ADDRESS>, YEAR. |
||
| 7313 | jlepiller | 5 | # |
| 7156 | jlepiller | 6 | msgid "" |
| 7 | msgstr "" |
||
| 8 | "Project-Id-Version: PACKAGE VERSION\n" |
||
| 7313 | jlepiller | 9 | "POT-Creation-Date: 2017-09-16 04:05+0000\n" |
| 10 | "PO-Revision-Date: 2017-09-16 08:36+0000\n" |
||
| 7156 | jlepiller | 11 | "Last-Translator: roptat <roptat@lepiller.eu>\n" |
| 12 | "Language-Team: LANGUAGE <LL@li.org>\n" |
||
| 7313 | jlepiller | 13 | "Language: fr\n" |
| 7156 | jlepiller | 14 | "MIME-Version: 1.0\n" |
| 15 | "Content-Type: text/plain; charset=UTF-8\n" |
||
| 16 | "Content-Transfer-Encoding: 8bit\n" |
||
| 17 | "Plural-Forms: nplurals=2; plural=(n > 1);\n" |
||
| 7258 | jlepiller | 18 | "X-Generator: Pootle 2.8\n" |
| 7313 | jlepiller | 19 | "X-POOTLE-MTIME: 1505550972.540758\n" |
| 7156 | jlepiller | 20 | |
| 7202 | jlepiller | 21 | #. type: Content of the certhost entity |
| 7156 | jlepiller | 22 | #: blfs-en/postlfs/security/cacerts.xml:7 |
| 7202 | jlepiller | 23 | msgid "https://hg.mozilla.org/" |
| 24 | msgstr "https://hg.mozilla.org/" |
||
| 7156 | jlepiller | 25 | |
| 7202 | jlepiller | 26 | #. type: Content of the certpath entity |
| 7156 | jlepiller | 27 | #: blfs-en/postlfs/security/cacerts.xml:8 |
| 7202 | jlepiller | 28 | msgid "/lib/ckfw/builtins/certdata.txt" |
| 29 | msgstr "/lib/ckfw/builtins/certdata.txt" |
||
| 7156 | jlepiller | 30 | |
| 7202 | jlepiller | 31 | #. type: Content of the ca-bundle-download entity |
| 7156 | jlepiller | 32 | #: blfs-en/postlfs/security/cacerts.xml:9 |
| 7202 | jlepiller | 33 | msgid "&sources-anduin-http;/other/certdata.txt" |
| 34 | msgstr "&sources-anduin-http;/other/certdata.txt" |
||
| 7156 | jlepiller | 35 | |
| 7202 | jlepiller | 36 | #. type: Content of the ca-bundle-size entity |
| 7156 | jlepiller | 37 | #: blfs-en/postlfs/security/cacerts.xml:10 |
| 7202 | jlepiller | 38 | msgid "1.6 MB" |
| 7233 | jlepiller | 39 | msgstr "1.6 Mo" |
| 7156 | jlepiller | 40 | |
| 7202 | jlepiller | 41 | #. type: Content of the cacerts-buildsize entity |
| 7156 | jlepiller | 42 | #: blfs-en/postlfs/security/cacerts.xml:11 |
| 7258 | jlepiller | 43 | msgid "6.5 MB (with all runtime deps)" |
| 44 | msgstr "6.5 Mo (avec toutes les dépendances à l'exécution)" |
||
| 7156 | jlepiller | 45 | |
| 7202 | jlepiller | 46 | #. type: Content of the cacerts-time entity |
| 47 | #: blfs-en/postlfs/security/cacerts.xml:12 |
||
| 48 | msgid "0.2 SBU (with all runtime deps)" |
||
| 49 | msgstr "0.2 SBU (avec toutes les dépendances à l'exécution)" |
||
| 50 | |||
| 51 | #. type: Content of the make-ca-download entity |
||
| 52 | #: blfs-en/postlfs/security/cacerts.xml:14 |
||
| 7203 | jlepiller | 53 | msgid "&sources-anduin-http;/other/make-ca.sh-&make-ca-version;" |
| 54 | msgstr "&sources-anduin-http;/other/make-ca.sh-&make-ca-version;" |
||
| 7202 | jlepiller | 55 | |
| 56 | #. type: Content of the make-ca-size entity |
||
| 57 | #: blfs-en/postlfs/security/cacerts.xml:15 |
||
| 7258 | jlepiller | 58 | msgid "24 KB" |
| 59 | msgstr "24 Ko" |
||
| 7202 | jlepiller | 60 | |
| 61 | #. type: Content of the make-ca-md5sum entity |
||
| 62 | #: blfs-en/postlfs/security/cacerts.xml:16 |
||
| 7264 | jlepiller | 63 | msgid "a21a04d6ff5c4645c748220dbaa9f221" |
| 64 | msgstr "a21a04d6ff5c4645c748220dbaa9f221" |
||
| 7202 | jlepiller | 65 | |
| 7156 | jlepiller | 66 | #. type: Content of: <sect1><sect1info> |
| 7202 | jlepiller | 67 | #: blfs-en/postlfs/security/cacerts.xml:23 |
| 7313 | jlepiller | 68 | #| msgid "" |
| 69 | #| "<othername>$LastChangedBy: dj $</othername> <date>$Date: 2017-08-30 23:58:57" |
||
| 70 | #| " +0000 (Wed, 30 Aug 2017) $</date>" |
||
| 7156 | jlepiller | 71 | msgid "" |
| 7313 | jlepiller | 72 | "<othername>$LastChangedBy: pierre $</othername> <date>$Date: 2017-09-15 " |
| 73 | "20:50:02 +0000 (Fri, 15 Sep 2017) $</date>" |
||
| 7156 | jlepiller | 74 | msgstr "" |
| 7313 | jlepiller | 75 | "<othername>$LastChangedBy: pierre $</othername> <date>$Date: 2017-09-15 " |
| 76 | "20:50:02 +0000 (Fri, 15 Sep 2017) $</date>" |
||
| 7156 | jlepiller | 77 | |
| 78 | #. type: Content of: <sect1><indexterm><primary> |
||
| 7202 | jlepiller | 79 | #: blfs-en/postlfs/security/cacerts.xml:27 |
| 80 | #: blfs-en/postlfs/security/cacerts.xml:50 |
||
| 7156 | jlepiller | 81 | msgid "Certificate Authority Certificates" |
| 7159 | jlepiller | 82 | msgstr "Certificats d'autorité de certification" |
| 7156 | jlepiller | 83 | |
| 84 | #. type: Content of: <sect1><para> |
||
| 7202 | jlepiller | 85 | #: blfs-en/postlfs/security/cacerts.xml:29 |
| 7156 | jlepiller | 86 | msgid "" |
| 7202 | jlepiller | 87 | "Public Key Infrastructure (PKI) is a method to validate the authenticity of " |
| 88 | "an otherwise unknown entity across untrusted networks. PKI works by " |
||
| 89 | "establishing a chain of trust, rather than trusting each individual host or " |
||
| 90 | "entity explicitly. In order for a certificate presented by a remote entity " |
||
| 91 | "to be trusted, that certificate must present a complete chain of " |
||
| 92 | "certificates that can be validated using the root certificate of a " |
||
| 93 | "Certificate Authority (CA) that is trusted by the local machine." |
||
| 7156 | jlepiller | 94 | msgstr "" |
| 7202 | jlepiller | 95 | "Une Infrastructure à Clés Publiques (PKI) est une méthode pour valider " |
| 96 | "l'authenticité d'une entité autrement inconnue au travers de réseaux qui ne " |
||
| 97 | "sont pas de confiance. La PKI fonctionne en établissant une chaîne de " |
||
| 98 | "confiance, plutôt que de faire confiance individuellement à chaque hôte ou " |
||
| 99 | "entité de manière explicite. Pour qu'un certificat présenté par une entité " |
||
| 100 | "distante soit reconnu, le certificat doit présenter une chaîne complète de " |
||
| 101 | "certificats qui peuvent être validé en utilisant le certificat racine d'une " |
||
| 102 | "autorité de certification (CA) en laquelle la machine locale a confiance." |
||
| 7156 | jlepiller | 103 | |
| 7202 | jlepiller | 104 | #. type: Content of: <sect1><para> |
| 105 | #: blfs-en/postlfs/security/cacerts.xml:37 |
||
| 106 | msgid "" |
||
| 107 | "Establishing trust with a CA involves validating things like company " |
||
| 108 | "address, ownership, contact information, etc., and ensuring that the CA has " |
||
| 109 | "followed best practices, such as undergoing periodic security audits by " |
||
| 110 | "independent investigators and maintaining an always available certificate " |
||
| 111 | "revocation list. This is well outside the scope of BLFS (as it is for most " |
||
| 112 | "Linux distributions). The certificate store provided here is taken from the " |
||
| 113 | "Mozilla Foundation, who have established very strict inclusion policies " |
||
| 114 | "described <ulink url=\"https://www.mozilla.org/en-" |
||
| 115 | "US/about/governance/policies/security-group/certs/\">here</ulink>." |
||
| 116 | msgstr "" |
||
| 117 | "L'établissement de la confiance avec une CA nécessite de valider des choses " |
||
| 118 | "comme l'adresse de la compagnie, la propriété, les informations de contact, " |
||
| 119 | "etc, et de s'assurer que la CA a suivi les bonnes pratiques, comme des " |
||
| 120 | "audits de sécurité périodiques par des enquêteurs indépendants et le " |
||
| 7216 | jlepiller | 121 | "maintient d'une liste de révocation de certificats toujours disponible. Ceci" |
| 122 | " est bien au delà de la portée de BLFS (comme pour la plupart des " |
||
| 123 | "distributions Linux). Le magasin de certificats fournit ici est emprunté à " |
||
| 124 | "la fondation Mozilla, qui ont établit une politique d'inclusion très stricte" |
||
| 125 | " décrite <ulink url=\"https://www.mozilla.org/en-" |
||
| 126 | "US/about/governance/policies/security-group/certs/\">ici</ulink>." |
||
| 7202 | jlepiller | 127 | |
| 7156 | jlepiller | 128 | #. type: Content of: <sect1><sect2><title> |
| 7202 | jlepiller | 129 | #: blfs-en/postlfs/security/cacerts.xml:54 |
| 7156 | jlepiller | 130 | msgid "Introduction to Certificate Authorities" |
| 131 | msgstr "Introduction à Certificate Authorities" |
||
| 132 | |||
| 133 | #. type: Content of: <sect1><sect2><bridgehead> |
||
| 7202 | jlepiller | 134 | #: blfs-en/postlfs/security/cacerts.xml:56 |
| 7156 | jlepiller | 135 | msgid "Package Information" |
| 136 | msgstr "Informations sur le paquet" |
||
| 137 | |||
| 138 | #. type: Content of: <sect1><sect2><itemizedlist><listitem><para> |
||
| 7202 | jlepiller | 139 | #: blfs-en/postlfs/security/cacerts.xml:59 |
| 7193 | jlepiller | 140 | msgid "Download (HTTP): <ulink url=\"&make-ca-download;\"/>" |
| 141 | msgstr "Téléchargement (HTTP) : <ulink url=\"&make-ca-download;\"/>" |
||
| 7156 | jlepiller | 142 | |
| 143 | #. type: Content of: <sect1><sect2><itemizedlist><listitem><para> |
||
| 7202 | jlepiller | 144 | #: blfs-en/postlfs/security/cacerts.xml:62 |
| 7193 | jlepiller | 145 | msgid "Download size: &make-ca-size;" |
| 146 | msgstr "Taille du téléchargement : &make-ca-size;" |
||
| 7156 | jlepiller | 147 | |
| 148 | #. type: Content of: <sect1><sect2><itemizedlist><listitem><para> |
||
| 7202 | jlepiller | 149 | #: blfs-en/postlfs/security/cacerts.xml:65 |
| 7193 | jlepiller | 150 | msgid "Download MD5 Sum: &make-ca-md5sum;" |
| 7196 | jlepiller | 151 | msgstr "Somme MD5 du téléchargement : &make-ca-md5sum;" |
| 7193 | jlepiller | 152 | |
| 153 | #. type: Content of: <sect1><sect2><itemizedlist><listitem><para> |
||
| 7202 | jlepiller | 154 | #: blfs-en/postlfs/security/cacerts.xml:68 |
| 7156 | jlepiller | 155 | msgid "Estimated disk space required: &cacerts-buildsize;" |
| 156 | msgstr "Estimation de l'espace disque requis : &cacerts-buildsize;" |
||
| 157 | |||
| 158 | #. type: Content of: <sect1><sect2><itemizedlist><listitem><para> |
||
| 7202 | jlepiller | 159 | #: blfs-en/postlfs/security/cacerts.xml:71 |
| 7156 | jlepiller | 160 | msgid "Estimated build time: &cacerts-time;" |
| 161 | msgstr "Estimation du temps de construction : &cacerts-time;" |
||
| 162 | |||
| 163 | #. type: Content of: <sect1><sect2><bridgehead> |
||
| 7202 | jlepiller | 164 | #: blfs-en/postlfs/security/cacerts.xml:76 |
| 165 | msgid "Additional Downloads" |
||
| 166 | msgstr "Téléchargements supplémentaires" |
||
| 167 | |||
| 168 | #. type: Content of: <sect1><sect2><itemizedlist><listitem><para> |
||
| 169 | #: blfs-en/postlfs/security/cacerts.xml:80 |
||
| 170 | msgid "CA Certificates <ulink url=\"&ca-bundle-download;\"/>" |
||
| 171 | msgstr "Certificats de CA <ulink url=\"&ca-bundle-download;\"/>" |
||
| 172 | |||
| 173 | #. type: Content of: <sect1><sect2><bridgehead> |
||
| 174 | #: blfs-en/postlfs/security/cacerts.xml:86 |
||
| 7156 | jlepiller | 175 | msgid "Certificate Authority Certificates Dependencies" |
| 176 | msgstr "Dépendances de Certificate Authority Certificates" |
||
| 177 | |||
| 178 | #. type: Content of: <sect1><sect2><bridgehead> |
||
| 7202 | jlepiller | 179 | #: blfs-en/postlfs/security/cacerts.xml:88 |
| 7156 | jlepiller | 180 | msgid "Required" |
| 181 | msgstr "Requises" |
||
| 182 | |||
| 183 | #. type: Content of: <sect1><sect2><para> |
||
| 7202 | jlepiller | 184 | #: blfs-en/postlfs/security/cacerts.xml:89 |
| 185 | msgid "<xref linkend=\"openssl\"/>" |
||
| 186 | msgstr "<xref linkend=\"openssl\"/>" |
||
| 7156 | jlepiller | 187 | |
| 7202 | jlepiller | 188 | #. type: Content of: <sect1><sect2><bridgehead> |
| 189 | #: blfs-en/postlfs/security/cacerts.xml:91 |
||
| 190 | msgid "Optional (runtime)" |
||
| 191 | msgstr "Facultatives (exécution)" |
||
| 192 | |||
| 7156 | jlepiller | 193 | #. type: Content of: <sect1><sect2><para> |
| 7202 | jlepiller | 194 | #: blfs-en/postlfs/security/cacerts.xml:93 |
| 7313 | jlepiller | 195 | #| msgid "" |
| 196 | #| "<xref linkend=\"java\"/> or <xref linkend=\"openjdk\"/>, <xref " |
||
| 197 | #| "linkend=\"nss\"/>, and <xref linkend=\"p11-kit\"/>" |
||
| 7202 | jlepiller | 198 | msgid "" |
| 7313 | jlepiller | 199 | "<xref role=\"runtime\" linkend=\"java\"/> or <xref role=\"runtime\" " |
| 200 | "linkend=\"openjdk\"/>, <xref role=\"runtime\" linkend=\"nss\"/>, and <xref " |
||
| 201 | "role=\"runtime\" linkend=\"p11-kit\"/>" |
||
| 7202 | jlepiller | 202 | msgstr "" |
| 7313 | jlepiller | 203 | "<xref role=\"runtime\" linkend=\"java\"/> ou <xref role=\"runtime\" " |
| 204 | "linkend=\"openjdk\"/>, <xref role=\"runtime\" linkend=\"nss\"/> et <xref " |
||
| 205 | "role=\"runtime\" linkend=\"p11-kit\"/>" |
||
| 7202 | jlepiller | 206 | |
| 207 | #. type: Content of: <sect1><sect2><para> |
||
| 7313 | jlepiller | 208 | #: blfs-en/postlfs/security/cacerts.xml:99 |
| 7156 | jlepiller | 209 | msgid "User Notes: <ulink url='&blfs-wiki;/cacerts'/>" |
| 210 | msgstr "Notes utilisateur : <ulink url='&blfs-wiki;/cacerts'/>" |
||
| 211 | |||
| 212 | #. type: Content of: <sect1><sect2><title> |
||
| 7313 | jlepiller | 213 | #: blfs-en/postlfs/security/cacerts.xml:104 |
| 7156 | jlepiller | 214 | msgid "Installation of Certificate Authority Certificates" |
| 215 | msgstr "Installation de Certificate Authority Certificates" |
||
| 216 | |||
| 217 | #. type: Content of: <sect1><sect2><para> |
||
| 7313 | jlepiller | 218 | #: blfs-en/postlfs/security/cacerts.xml:106 |
| 7156 | jlepiller | 219 | msgid "" |
| 7203 | jlepiller | 220 | "The <application>make-ca.sh</application> script will process the " |
| 221 | "certificates included in the <filename>certdata.txt</filename> file for use " |
||
| 222 | "in multiple certificate stores (if the associated applications are present " |
||
| 223 | "on the system). Additionally, any local certificates stored in " |
||
| 7202 | jlepiller | 224 | "<filename>/etc/ssl/local</filename> will be imported to the certificate " |
| 225 | "stores. Certificates in this directory should be stored as PEM encoded " |
||
| 226 | "<application>OpenSSL</application> trusted certificates." |
||
| 7156 | jlepiller | 227 | msgstr "" |
| 7202 | jlepiller | 228 | "Le script <application>make-ca.sh</application> adaptera les certificats " |
| 229 | "inclus dans le fichier <filename>certdata.txt</filename> pour l'utiliser " |
||
| 230 | "dans de multiples magasins de certificats (si les applications associées " |
||
| 231 | "sont présentes sur le système). De plus, tout certificat local stocké dans " |
||
| 232 | "<filename>/etc/ssl/local</filename> sera importé dans les magasins de " |
||
| 233 | "certificats. Les certificats de ce répertoire devraient être stockés sous " |
||
| 234 | "forme de certificats de confiance <application>OpenSSL</application> encodé " |
||
| 235 | "en PEM." |
||
| 7156 | jlepiller | 236 | |
| 7193 | jlepiller | 237 | #. type: Content of: <sect1><sect2><para> |
| 7313 | jlepiller | 238 | #: blfs-en/postlfs/security/cacerts.xml:114 |
| 7156 | jlepiller | 239 | msgid "" |
| 7202 | jlepiller | 240 | "To create an <application>OpenSSL</application> trusted certificate from a " |
| 241 | "regular PEM encoded file, provided by a CA not included in Mozilla's " |
||
| 242 | "certificate distribution, you need to add trust arguments to the " |
||
| 243 | "<command>openssl</command> command, and create a new certificate. There are " |
||
| 7280 | jlepiller | 244 | "three trust types that are recognized by the <application>make-" |
| 7202 | jlepiller | 245 | "ca.sh</application> script, SSL/TLS, S/Mime, and code signing. For example, " |
| 7280 | jlepiller | 246 | "using the <ulink url=\"http://www.cacert.org/\">CAcert</ulink> root, if you " |
| 247 | "want it to be trusted for all three roles, the following commands will " |
||
| 248 | "create an appropriate OpenSSL trusted certificate:" |
||
| 7156 | jlepiller | 249 | msgstr "" |
| 7202 | jlepiller | 250 | "Pour créer un certificat de confiance <application>OpenSSL</application> " |
| 251 | "depuis un fichier normal encodé en PEM fournit par une CA qui n'est pas " |
||
| 252 | "incluse dans la distribution de certificats de Mozilla, vous devrez ajouter " |
||
| 7280 | jlepiller | 253 | "des arguments « trust » à la commande <command>openssl</command> " |
| 254 | "et créer un nouveau certificat. Il y a trois types de confiances qui sont " |
||
| 255 | "reconnues par le script <application>make-ca.sh</application> : " |
||
| 256 | "SSL/TLS, S/Mime et la signature de code. Par exemple, si vous souhaitez " |
||
| 257 | "utiliser la racine de <ulink url=\"http://www.cacert.org/\">CAcert</ulink> " |
||
| 258 | "pour qu'elle soit de confiance pour ces trois rôles, les commandes suivantes" |
||
| 259 | " créent un nouveau certificat de confiance OpenSSL approprié :" |
||
| 7156 | jlepiller | 260 | |
| 7202 | jlepiller | 261 | #. type: Content of: <sect1><sect2><screen> |
| 7313 | jlepiller | 262 | #: blfs-en/postlfs/security/cacerts.xml:125 |
| 7202 | jlepiller | 263 | #, no-wrap |
| 264 | msgid "" |
||
| 7280 | jlepiller | 265 | "<userinput>install -vdm755 /etc/ssl/local &&\n" |
| 266 | "wget http://www.cacert.org/certs/root.crt &&\n" |
||
| 267 | "openssl x509 -in root.crt -text -fingerprint -setalias \"CAcert Class 1 root\" \\\n" |
||
| 268 | " -addtrust serverAuth -addtrust emailProtection -addtrust codeSigning \\\n" |
||
| 269 | " > /etc/ssl/local/CAcert_Class_1_root.pem</userinput>" |
||
| 7202 | jlepiller | 270 | msgstr "" |
| 7280 | jlepiller | 271 | "<userinput>install -vdm755 /etc/ssl/local &&\n" |
| 272 | "wget http://www.cacert.org/certs/root.crt &&\n" |
||
| 273 | "openssl x509 -in root.crt -text -fingerprint -setalias \"CAcert Class 1 root\" \\\n" |
||
| 274 | " -addtrust serverAuth -addtrust emailProtection -addtrust codeSigning \\\n" |
||
| 275 | " > /etc/ssl/local/CAcert_Class_1_root.pem</userinput>" |
||
| 7202 | jlepiller | 276 | |
| 7156 | jlepiller | 277 | #. type: Content of: <sect1><sect2><para> |
| 7313 | jlepiller | 278 | #: blfs-en/postlfs/security/cacerts.xml:131 |
| 7156 | jlepiller | 279 | msgid "" |
| 7280 | jlepiller | 280 | "If one of the three trust arguments is omitted, the certificate is neither " |
| 281 | "trusted, nor rejected for that role. Clients that use " |
||
| 282 | "<application>OpenSSL</application> or <application>NSS</application> " |
||
| 283 | "encountering this certificate will present a warning to the user. Clients " |
||
| 284 | "using <application>GnuTLS</application> without " |
||
| 285 | "<application>p11-kit</application> support are not aware of trusted " |
||
| 7202 | jlepiller | 286 | "certificates. To include this CA into the ca-bundle.crt (used for " |
| 287 | "<application>GnuTLS</application>), it must have <envar>serverAuth</envar> " |
||
| 7280 | jlepiller | 288 | "trust. Additionally, to explicitly disallow a certificate for a particular " |
| 289 | "use, replace the <parameter>-addtrust</parameter> flag with the " |
||
| 290 | "<parameter>-addreject</parameter> flag." |
||
| 7156 | jlepiller | 291 | msgstr "" |
| 7280 | jlepiller | 292 | "Si un argument trust en omis, le certificat n'est ni reconnu ni rejeté pour " |
| 293 | "ce rôle. Les clients qui utilisent <application>OpenSSL</application> ou " |
||
| 7202 | jlepiller | 294 | "<application>NSS</application> rencontrant ce certificat renverront un " |
| 295 | "avertissement à l'utilisateur . Les clients qui utilisent " |
||
| 296 | "<application>GnuTLS</application> sans le support de " |
||
| 297 | "<application>p11-kit</application> ne sont pas conscient des certificats de " |
||
| 298 | "confiance. Pour inclure cette CA dans le fichier ca-bundle.crt (utilisé par " |
||
| 7280 | jlepiller | 299 | "<application>GnuTLS</application>), il doit avoir la confiance " |
| 300 | "<envar>serverAuth</envar>. De plus, pour interdire un certificat pour une " |
||
| 301 | "utilisation particulière, remplacez le paramètre " |
||
| 302 | "<parameter>-addtrust</parameter> par le paramètre " |
||
| 303 | "<parameter>-addreject</parameter>." |
||
| 7156 | jlepiller | 304 | |
| 305 | #. type: Content of: <sect1><sect2><para> |
||
| 7313 | jlepiller | 306 | #: blfs-en/postlfs/security/cacerts.xml:143 |
| 7156 | jlepiller | 307 | msgid "" |
| 7202 | jlepiller | 308 | "To install the various certificate stores, first install the <application" |
| 309 | ">make-ca.sh</application> script into the correct location. As the " |
||
| 310 | "<systemitem class=\"username\">root</systemitem> user:" |
||
| 7156 | jlepiller | 311 | msgstr "" |
| 7202 | jlepiller | 312 | "Pour installer les divers magasins de certificats, installez le script " |
| 313 | "<application>make-ca.sh</application> au bon endroit. En tant qu'utilisateur" |
||
| 7197 | jlepiller | 314 | " <systemitem class=\"username\">root</systemitem> :" |
| 7156 | jlepiller | 315 | |
| 316 | #. type: Content of: <sect1><sect2><screen> |
||
| 7313 | jlepiller | 317 | #: blfs-en/postlfs/security/cacerts.xml:147 |
| 7156 | jlepiller | 318 | #, no-wrap |
| 7203 | jlepiller | 319 | msgid "" |
| 320 | "<userinput>install -vm755 make-ca.sh-&make-ca-version; /usr/sbin/make-" |
||
| 321 | "ca.sh</userinput>" |
||
| 322 | msgstr "" |
||
| 323 | "<userinput>install -vm755 make-ca.sh-&make-ca-version; /usr/sbin/make-" |
||
| 324 | "ca.sh</userinput>" |
||
| 7156 | jlepiller | 325 | |
| 326 | #. type: Content of: <sect1><sect2><para> |
||
| 7313 | jlepiller | 327 | #: blfs-en/postlfs/security/cacerts.xml:149 |
| 7156 | jlepiller | 328 | msgid "" |
| 7202 | jlepiller | 329 | "As the <systemitem class=\"username\">root</systemitem> user, make sure that" |
| 330 | " certdata.txt is in the current directory, and update the certificate stores" |
||
| 331 | " with the following command:" |
||
| 7156 | jlepiller | 332 | msgstr "" |
| 7196 | jlepiller | 333 | "En tant qu'utilisateur <systemitem class=\"username\">root</systemitem>, " |
| 7202 | jlepiller | 334 | "assurez-vous que certdata.txt est dans le répertoire courant, et mettez à " |
| 335 | "jour le magasin de certificats avec la commande suivante :" |
||
| 7156 | jlepiller | 336 | |
| 7308 | jlepiller | 337 | #. type: Content of: <sect1><sect2><note><para> |
| 7313 | jlepiller | 338 | #: blfs-en/postlfs/security/cacerts.xml:154 |
| 7308 | jlepiller | 339 | msgid "" |
| 340 | "If running the script a second time with the same version of " |
||
| 341 | "<filename>certdata.txt</filename>, for instance, to add additional stores as" |
||
| 342 | " the requisite software is installed, add the <parameter>-f</parameter> " |
||
| 343 | "switch to the command line. If packaging, run <command>make-ca.sh " |
||
| 344 | "--help</command> to see all available command line options." |
||
| 345 | msgstr "" |
||
| 346 | "Si vous lancez le script une deuxième fois avec la même version de " |
||
| 347 | "<filename>certdata.txt</filename>, par exemple pour ajouter des magasins " |
||
| 348 | "supplémentaires parce que le logiciel requis est installé, ajoutez l'option " |
||
| 349 | "<parameter>-f</parameter> à la ligne de commande. Si vous créez un paquet, " |
||
| 350 | "lancez <command>make-ca.sh --help</command> pour voir toutes les options de " |
||
| 351 | "la ligne de commande disponibles." |
||
| 352 | |||
| 7156 | jlepiller | 353 | #. type: Content of: <sect1><sect2><screen> |
| 7313 | jlepiller | 354 | #: blfs-en/postlfs/security/cacerts.xml:161 |
| 7156 | jlepiller | 355 | #, no-wrap |
| 7202 | jlepiller | 356 | msgid "<userinput>/usr/sbin/make-ca.sh</userinput>" |
| 357 | msgstr "<userinput>/usr/sbin/make-ca.sh</userinput>" |
||
| 7156 | jlepiller | 358 | |
| 359 | #. type: Content of: <sect1><sect2><para> |
||
| 7313 | jlepiller | 360 | #: blfs-en/postlfs/security/cacerts.xml:163 |
| 7156 | jlepiller | 361 | msgid "" |
| 7202 | jlepiller | 362 | "You should periodically download a copy of <filename>certdata.txt</filename>" |
| 363 | " and run the <application>make-ca.sh</application> script (as the " |
||
| 364 | "<systemitem class=\"username\">root</systemitem> user), or as part of a " |
||
| 365 | "monthly <application>cron</application> job to ensure that you have the " |
||
| 366 | "latest available version of the certificates." |
||
| 7156 | jlepiller | 367 | msgstr "" |
| 7202 | jlepiller | 368 | "Vous devriez télécharger régulièrement une copie de " |
| 369 | "<filename>certdata.txt</filename> et lancer le script <application>make-" |
||
| 7197 | jlepiller | 370 | "ca.sh</application> (en tant qu'utilisateur <systemitem " |
| 371 | "class=\"username\">root</systemitem>), ou en tant que tâche " |
||
| 7202 | jlepiller | 372 | "<application>cron</application> mensuelle pour vous assurer d'avoir la " |
| 7197 | jlepiller | 373 | "dernière version disponible des certificats." |
| 7156 | jlepiller | 374 | |
| 7202 | jlepiller | 375 | #. type: Content of: <sect1><sect2><para> |
| 7313 | jlepiller | 376 | #: blfs-en/postlfs/security/cacerts.xml:170 |
| 7202 | jlepiller | 377 | msgid "" |
| 378 | "The <filename>certdata.txt</filename> file provided by BLFS is obtained from" |
||
| 379 | " the mozilla-release branch, and is modified to provide a simple dated " |
||
| 380 | "revision. This will be the correct version for most systems. There are, " |
||
| 381 | "however, several other variants of the file available for use that might be " |
||
| 7203 | jlepiller | 382 | "preferred for one reason or another, including the files shipped with " |
| 383 | "Mozilla products in this book. RedHat and OpenSUSE, for instance, use the " |
||
| 384 | "version included in <xref linkend=\"nss\"/>. Additional upstream downloads " |
||
| 385 | "are available at the links below." |
||
| 7202 | jlepiller | 386 | msgstr "" |
| 387 | "Le fichier <filename>certdata.txt</filename> fournit par BLFS est obtenu à " |
||
| 388 | "partir de la branche mozilla-release, et est modifié pour fournir une simple" |
||
| 389 | " révision horodatée. Ce sera la bonne version pour la plupart des systèmes. " |
||
| 390 | "Il y a cependant plusieurs variantes du fichier disponibles à l'utilisation " |
||
| 391 | "qui peuvent être préférés pour une raison ou une autre, incluses dans les " |
||
| 392 | "produits Mozilla dans ce livre. RedHat et OpenSUSE par exemple utilisent la " |
||
| 393 | "version incluse dans <xref linkend=\"nss\"/>. Des emplacements de " |
||
| 394 | "téléchargement supplémentaires sont disponibles :" |
||
| 395 | |||
| 396 | #. type: Content of: <sect1><sect2><itemizedlist><listitem><para> |
||
| 7313 | jlepiller | 397 | #: blfs-en/postlfs/security/cacerts.xml:181 |
| 7202 | jlepiller | 398 | msgid "" |
| 399 | "Mozilla Release (the version provided by BLFS): <ulink " |
||
| 400 | "url=\"&certhost;releases/mozilla-release/raw-" |
||
| 401 | "file/default/security/nss&certpath;\"/>" |
||
| 402 | msgstr "" |
||
| 403 | "Mozilla Release (la version fournie par BLFS) : <ulink " |
||
| 404 | "url=\"&certhost;releases/mozilla-release/raw-" |
||
| 405 | "file/default/security/nss&certpath;\"/>" |
||
| 406 | |||
| 407 | #. type: Content of: <sect1><sect2><itemizedlist><listitem><para> |
||
| 7313 | jlepiller | 408 | #: blfs-en/postlfs/security/cacerts.xml:186 |
| 7202 | jlepiller | 409 | msgid "" |
| 410 | "NSS (this is the latest available version): <ulink " |
||
| 7220 | jlepiller | 411 | "url=\"&certhost;projects/nss/raw-file/tip&certpath;\"/>" |
| 7202 | jlepiller | 412 | msgstr "" |
| 413 | "NSS (c'est la dernière version disponible) : <ulink " |
||
| 7220 | jlepiller | 414 | "url=\"&certhost;projects/nss/raw-file/tip&certpath;\"/>" |
| 7202 | jlepiller | 415 | |
| 416 | #. type: Content of: <sect1><sect2><itemizedlist><listitem><para> |
||
| 7313 | jlepiller | 417 | #: blfs-en/postlfs/security/cacerts.xml:191 |
| 7202 | jlepiller | 418 | msgid "" |
| 419 | "Mozilla Central: <ulink url=\"&certhost;mozilla-central/raw-" |
||
| 420 | "file/default/security/nss&certpath;\"/>" |
||
| 421 | msgstr "" |
||
| 422 | "Mozilla Central : <ulink url=\"&certhost;mozilla-central/raw-" |
||
| 423 | "file/default/security/nss&certpath;\"/>" |
||
| 424 | |||
| 425 | #. type: Content of: <sect1><sect2><itemizedlist><listitem><para> |
||
| 7313 | jlepiller | 426 | #: blfs-en/postlfs/security/cacerts.xml:196 |
| 7202 | jlepiller | 427 | msgid "" |
| 428 | "Mozilla Beta: <ulink url=\"&certhost;releases/mozilla-beta/raw-" |
||
| 429 | "file/default/security/nss&certpath;\"/>" |
||
| 430 | msgstr "" |
||
| 431 | "Mozilla Beta : <ulink url=\"&certhost;releases/mozilla-beta/raw-" |
||
| 432 | "file/default/security/nss&certpath;\"/>" |
||
| 433 | |||
| 434 | #. type: Content of: <sect1><sect2><itemizedlist><listitem><para> |
||
| 7313 | jlepiller | 435 | #: blfs-en/postlfs/security/cacerts.xml:201 |
| 7202 | jlepiller | 436 | msgid "" |
| 437 | "Mozilla Aurora: <ulink url=\"&certhost;releases/mozilla-aurora/raw-" |
||
| 438 | "file/default/security/nss&certpath;\"/>" |
||
| 439 | msgstr "" |
||
| 440 | "Mozilla Aurora : <ulink url=\"&certhost;releases/mozilla-aurora/raw-" |
||
| 441 | "file/default/security/nss&certpath;\"/>" |
||
| 442 | |||
| 7156 | jlepiller | 443 | #. type: Content of: <sect1><sect2><title> |
| 7313 | jlepiller | 444 | #: blfs-en/postlfs/security/cacerts.xml:210 |
| 7156 | jlepiller | 445 | msgid "Contents" |
| 446 | msgstr "Contenu" |
||
| 447 | |||
| 448 | #. type: Content of: <sect1><sect2><segmentedlist><segtitle> |
||
| 7313 | jlepiller | 449 | #: blfs-en/postlfs/security/cacerts.xml:213 |
| 7156 | jlepiller | 450 | msgid "Installed Programs" |
| 451 | msgstr "Programmes installés" |
||
| 452 | |||
| 453 | #. type: Content of: <sect1><sect2><segmentedlist><segtitle> |
||
| 7313 | jlepiller | 454 | #: blfs-en/postlfs/security/cacerts.xml:214 |
| 7156 | jlepiller | 455 | msgid "Installed Libraries" |
| 456 | msgstr "Bibliothèques installées" |
||
| 457 | |||
| 458 | #. type: Content of: <sect1><sect2><segmentedlist><segtitle> |
||
| 7313 | jlepiller | 459 | #: blfs-en/postlfs/security/cacerts.xml:215 |
| 7156 | jlepiller | 460 | msgid "Installed Directories" |
| 461 | msgstr "Répertoires installés" |
||
| 462 | |||
| 463 | #. type: Content of: <sect1><sect2><segmentedlist><seglistitem><seg> |
||
| 7313 | jlepiller | 464 | #: blfs-en/postlfs/security/cacerts.xml:218 |
| 7193 | jlepiller | 465 | msgid "make-ca.sh" |
| 466 | msgstr "make-ca.sh" |
||
| 7156 | jlepiller | 467 | |
| 468 | #. type: Content of: <sect1><sect2><segmentedlist><seglistitem><seg> |
||
| 7313 | jlepiller | 469 | #: blfs-en/postlfs/security/cacerts.xml:219 |
| 7156 | jlepiller | 470 | msgid "None" |
| 471 | msgstr "Aucune" |
||
| 472 | |||
| 473 | #. type: Content of: <sect1><sect2><segmentedlist><seglistitem><seg> |
||
| 7313 | jlepiller | 474 | #: blfs-en/postlfs/security/cacerts.xml:220 |
| 7202 | jlepiller | 475 | msgid "/etc/ssl/{certs,java,local} and /etc/pki/{nssdb,anchors}" |
| 476 | msgstr "/etc/ssl/{certs,java,local} et /etc/pki/{nssdb,anchors}" |
||
| 7156 | jlepiller | 477 | |
| 478 | #. type: Content of: <sect1><sect2><variablelist><bridgehead> |
||
| 7313 | jlepiller | 479 | #: blfs-en/postlfs/security/cacerts.xml:225 |
| 7156 | jlepiller | 480 | msgid "Short Descriptions" |
| 481 | msgstr "Descriptions courtes" |
||
| 482 | |||
| 483 | #. type: Content of: <sect1><sect2><variablelist><varlistentry><term> |
||
| 7313 | jlepiller | 484 | #: blfs-en/postlfs/security/cacerts.xml:230 |
| 7156 | jlepiller | 485 | msgid "<command>make-ca.sh</command>" |
| 486 | msgstr "<command>make-ca.sh</command>" |
||
| 487 | |||
| 7165 | jlepiller | 488 | #. type: Content of: |
| 489 | #. <sect1><sect2><variablelist><varlistentry><listitem><para> |
||
| 7313 | jlepiller | 490 | #: blfs-en/postlfs/security/cacerts.xml:232 |
| 7156 | jlepiller | 491 | msgid "" |
| 7202 | jlepiller | 492 | "is a shell script that adapts a current version of " |
| 7193 | jlepiller | 493 | "<filename>certdata.txt</filename>, and prepares it for use as the system " |
| 494 | "certificate store." |
||
| 7156 | jlepiller | 495 | msgstr "" |
| 7202 | jlepiller | 496 | "est un script shell qui adapte une version actuelle de " |
| 7197 | jlepiller | 497 | "<filename>certdata.txt</filename> et le prépare pour l'utiliser comme " |
| 7196 | jlepiller | 498 | "magasin de certificat du système." |
| 7156 | jlepiller | 499 | |
| 7165 | jlepiller | 500 | #. type: Content of: |
| 501 | #. <sect1><sect2><variablelist><varlistentry><listitem><indexterm><primary> |
||
| 7313 | jlepiller | 502 | #: blfs-en/postlfs/security/cacerts.xml:236 |
| 7156 | jlepiller | 503 | msgid "make-ca" |
| 504 | msgstr "make-ca" |
||
| 505 | |||
| 7264 | jlepiller | 506 | #~ msgid "b42fd97c173ef67a37fb05ed7587e0a8" |
| 507 | #~ msgstr "b42fd97c173ef67a37fb05ed7587e0a8" |
||
| 508 | |||
| 7258 | jlepiller | 509 | #~ msgid "11 KB" |
| 510 | #~ msgstr "11 Ko" |
||
| 511 | |||
| 512 | #~ msgid "cce9fa4713c4611d9e61f99de612a1e9" |
||
| 513 | #~ msgstr "cce9fa4713c4611d9e61f99de612a1e9" |
||
| 514 | |||
| 7224 | jlepiller | 515 | #~ msgid "5e41c17a3dd6b8195c55092e87e92ef0" |
| 516 | #~ msgstr "5e41c17a3dd6b8195c55092e87e92ef0" |
||
| 517 | |||
| 7214 | jlepiller | 518 | #~ msgid "fca9ae62242800a9dcaee5d400ee5c41" |
| 519 | #~ msgstr "fca9ae62242800a9dcaee5d400ee5c41" |
||
| 520 | |||
| 7203 | jlepiller | 521 | #~ msgid "9e416981cd153d8923e06dc8e39ac534" |
| 522 | #~ msgstr "9e416981cd153d8923e06dc8e39ac534" |
||
| 523 | |||
| 7202 | jlepiller | 524 | #~ msgid "65c6cbbb11e6d124b047f4aa0dcb2808" |
| 525 | #~ msgstr "65c6cbbb11e6d124b047f4aa0dcb2808" |
||
| 7156 | jlepiller | 526 | |
| 7202 | jlepiller | 527 | #~ msgid "fbc5687ce7fd5533edbb4e616a1080de" |
| 528 | #~ msgstr "fbc5687ce7fd5533edbb4e616a1080de" |
||
| 529 | |||
| 530 | #~ msgid "487ca7ce6f7b81b3e46362138f93310c" |
||
| 531 | #~ msgstr "487ca7ce6f7b81b3e46362138f93310c" |
||
| 532 | |||
| 533 | #~ msgid "1.4 MB" |
||
| 534 | #~ msgstr "1.4 Mo" |
||
| 535 | |||
| 536 | #~ msgid "0.1 SBU" |
||
| 537 | #~ msgstr "0.1 SBU" |
||
| 538 | |||
| 539 | #~ msgid "" |
||
| 540 | #~ "The Public Key Infrastructure is used for many security features in a Linux " |
||
| 541 | #~ "system. In order for a certificate to be trusted, it must be signed by a " |
||
| 542 | #~ "trusted agent called a Certificate Authority (CA). The certificates " |
||
| 543 | #~ "installed in this section are obtained from the Mozilla version control " |
||
| 544 | #~ "system, and reformatted for use by <xref linkend='openssl'/> and <xref " |
||
| 545 | #~ "linkend='gnutls'/>. The certificates can also be used by other applications," |
||
| 546 | #~ " either directly or indirectly by linking to one of these packages." |
||
| 547 | #~ msgstr "" |
||
| 548 | #~ "La <foreignphrase>Public Key Infrastructure</foreignphrase> (infrastructure " |
||
| 549 | #~ "de clés publiques) est utilisée dans de nombreux cas de sécurité sur un " |
||
| 550 | #~ "système Linux. Pour qu'un certificat soit fiable, il doit être signé par un " |
||
| 551 | #~ "agent de confiance, qu'on appelle l'autorité de certification " |
||
| 552 | #~ "(<foreignphrase>Certificate Authority</foreignphrase>) (CA). Les " |
||
| 553 | #~ "certificats chargés dans cette section sont issus de la liste du système de " |
||
| 554 | #~ "contrôle de Mozilla et elle est formatée dans une forme utilisée par <xref " |
||
| 555 | #~ "linkend=\"openssl\"/> et <xref linkend='gnutls'/>. Les certificats peuvent " |
||
| 556 | #~ "également être utilisés par d'autres applications, directement ou " |
||
| 557 | #~ "indirectement via <application>openssl</application>." |
||
| 558 | |||
| 559 | #~ msgid "" |
||
| 560 | #~ "The <application>make-ca.sh</application> script will download a set of " |
||
| 561 | #~ "certificates from one of five projects (aurora, beta, central, nss, or " |
||
| 562 | #~ "release) in the Mozialla version control system. It defaults to the release " |
||
| 563 | #~ "branch, which is identical to the version that ships with the Mozilla " |
||
| 564 | #~ "products in this book. If you'd like to change the branch that is retrieved," |
||
| 565 | #~ " edit the file and set <envar>CERTSOURCE</envar> to one of the five values " |
||
| 566 | #~ "above." |
||
| 567 | #~ msgstr "" |
||
| 568 | #~ "Le script <application>make-ca.sh</application> téléchargement un ensemble " |
||
| 569 | #~ "de certificats depuis l'un des cinq projets (aurora, beta, central, nss ou " |
||
| 570 | #~ "release) du système de contrôle de version de Mozilla. Il est réglé par " |
||
| 571 | #~ "défaut sur la branche release, qui est identique à la version qui vient avec" |
||
| 572 | #~ " les produits Mozilla de ce livre. Si vous préférez changer la branche qui " |
||
| 573 | #~ "est récupérée, modifiez le fichier et mettez <envar>CERTSOURCE</envar> à " |
||
| 574 | #~ "l'une des cinq valeurs ci-dessus." |
||
| 575 | |||
| 576 | #~ msgid "" |
||
| 577 | #~ "Additionally, any local certificates stored in " |
||
| 578 | #~ "<filename>/etc/ssl/local</filename> will be copied into both the single-file" |
||
| 579 | #~ " <filename>/etc/ssl/ca-bundle.crt</filename> (used by programs that link to " |
||
| 580 | #~ "<application>gnutls</application>), and into the certificate store directory" |
||
| 581 | #~ " <filename>/etc/ssl/certs</filename> (used by programs that link to " |
||
| 582 | #~ "<application>OpenSSL</application>). All certificates will pass a date and " |
||
| 583 | #~ "trust validation, and any existing certificates in <filename>/etc/ssl/ca-" |
||
| 584 | #~ "bundle.crt</filename> or <filename>/etc/ssl/certs</filename> will be removed" |
||
| 585 | #~ " upon successful completion of this script." |
||
| 586 | #~ msgstr "" |
||
| 587 | #~ "De plus, tout certificat local stocké dans " |
||
| 588 | #~ "<filename>/etc/ssl/local</filename> sera copié dans le fichier " |
||
| 589 | #~ "<filename>/etc/ssl/ca-bundle.crt</filename> (utilisé par les programmes qui " |
||
| 590 | #~ "se lient à <application>gnutls</application>) et dans le répertoire du " |
||
| 591 | #~ "magasin de certificats <filename>/etc/ssl/certs</filename> (utilisé par les " |
||
| 592 | #~ "programmes qui se lient à <application>OpenSSL</application>). Tous les " |
||
| 593 | #~ "certificats passeront un test de validation de leur date et de leur " |
||
| 594 | #~ "confiance, et tout certificat existant dans <filename>/etc/ssl/ca-" |
||
| 595 | #~ "bundle.crt</filename> ou <filename>/etc/ssl-certs</filename> sera supprimé à" |
||
| 596 | #~ " la fin de ce script si tout va bien." |
||
| 597 | |||
| 598 | #~ msgid "" |
||
| 599 | #~ "Finally, if you've installed <xref linkend=\"java\"/> or <xref " |
||
| 600 | #~ "linkend=\"openjdk\"/>, then it will also update the java cacerts file at " |
||
| 601 | #~ "<filename>/etc/ssl/java/cacerts</filename>." |
||
| 602 | #~ msgstr "" |
||
| 603 | #~ "Enfin, si vous avez installé <xref linkend=\"java\"/> ou <xref " |
||
| 604 | #~ "linkend=\"openjdk\"/>, il mettra aussi à jour le fichier cacerts de java " |
||
| 605 | #~ "dans <filename>/etc/ssl/java/cacerts</filename>." |
||
| 606 | |||
| 607 | #~ msgid "" |
||
| 608 | #~ "<userinput>install -vdm755 /etc/ssl/{certs,java,local} &&\n" |
||
| 609 | #~ "/usr/sbin/make-ca.sh\n" |
||
| 610 | #~ "</userinput>" |
||
| 611 | #~ msgstr "" |
||
| 612 | #~ "<userinput>install -vdm755 /etc/ssl/{certs,java,local} &&\n" |
||
| 613 | #~ "/usr/sbin/make-ca.sh\n" |
||
| 614 | #~ "</userinput>" |
||
| 615 | |||
| 7193 | jlepiller | 616 | #~ msgid "/mozilla/source/security/nss/lib/ckfw/builtins" |
| 617 | #~ msgstr "/mozilla/source/security/nss/lib/ckfw/builtins" |
||
| 7156 | jlepiller | 618 | |
| 7193 | jlepiller | 619 | #~ msgid "6 MB" |
| 7233 | jlepiller | 620 | #~ msgstr "6 Mo" |
| 7156 | jlepiller | 621 | |
| 7193 | jlepiller | 622 | #~ msgid "" |
| 623 | #~ "The certfile.txt file above is actually retrieved from <ulink " |
||
| 624 | #~ "url=\"https://hg.mozilla.org/releases/mozilla-" |
||
| 625 | #~ "release/file/default/security/nss/lib/ckfw/builtins/certdata.txt\"/>. It is" |
||
| 626 | #~ " really an HTML file, but the text file can be retrieved indirectly from the" |
||
| 627 | #~ " HTML file. The Download URL above automates that process and also adds a " |
||
| 628 | #~ "line where the date can be extracted as a revision number by the scripts " |
||
| 629 | #~ "below." |
||
| 630 | #~ msgstr "" |
||
| 631 | #~ "Le fichier certfile.txt dessous est en fait récupéré depuis <ulink " |
||
| 632 | #~ "url=\"https://hg.mozilla.org/releases/mozilla-" |
||
| 633 | #~ "release/file/default/security/nss/lib/ckfw/builtins/certdata.txt\"/>. C'est" |
||
| 634 | #~ " en fait un fichier HTML, mais le fichier texte peut être pris indirectement" |
||
| 635 | #~ " depuis le fichier HTML. L'URL dessous automatise ce processus et ajoute " |
||
| 636 | #~ "aussi une ligne où la date peut être extraite en tant que numéro de révision" |
||
| 637 | #~ " par le script." |
||
| 638 | |||
| 639 | #~ msgid "Recommended" |
||
| 640 | #~ msgstr "Recommandées" |
||
| 641 | |||
| 642 | #~ msgid "" |
||
| 643 | #~ "<userinput>cat > /usr/bin/make-cert.pl << \"EOF\"\n" |
||
| 644 | #~ "<literal>#!/usr/bin/perl -w\n" |
||
| 645 | #~ "\n" |
||
| 646 | #~ "# Used to generate PEM encoded files from Mozilla certdata.txt.\n" |
||
| 647 | #~ "# Run as ./make-cert.pl > certificate.crt\n" |
||
| 648 | #~ "#\n" |
||
| 649 | #~ "# Parts of this script courtesy of RedHat (mkcabundle.pl)\n" |
||
| 650 | #~ "#\n" |
||
| 651 | #~ "# This script modified for use with single file data (tempfile.cer) extracted\n" |
||
| 652 | #~ "# from certdata.txt, taken from the latest version in the Mozilla NSS source.\n" |
||
| 653 | #~ "# mozilla/security/nss/lib/ckfw/builtins/certdata.txt\n" |
||
| 654 | #~ "#\n" |
||
| 655 | #~ "# Authors: DJ Lucas\n" |
||
| 656 | #~ "# Bruce Dubbs\n" |
||
| 657 | #~ "#\n" |
||
| 658 | #~ "# Version 20120211\n" |
||
| 659 | #~ "\n" |
||
| 660 | #~ "my $certdata = './tempfile.cer';\n" |
||
| 661 | #~ "\n" |
||
| 662 | #~ "open( IN, \"cat $certdata|\" )\n" |
||
| 663 | #~ " || die \"could not open $certdata\";\n" |
||
| 664 | #~ "\n" |
||
| 665 | #~ "my $incert = 0;\n" |
||
| 666 | #~ "\n" |
||
| 667 | #~ "while ( <IN> )\n" |
||
| 668 | #~ "{\n" |
||
| 669 | #~ " if ( /^CKA_VALUE MULTILINE_OCTAL/ )\n" |
||
| 670 | #~ " {\n" |
||
| 671 | #~ " $incert = 1;\n" |
||
| 672 | #~ " open( OUT, \"|openssl x509 -text -inform DER -fingerprint\" )\n" |
||
| 673 | #~ " || die \"could not pipe to openssl x509\";\n" |
||
| 674 | #~ " }\n" |
||
| 675 | #~ "\n" |
||
| 676 | #~ " elsif ( /^END/ && $incert )\n" |
||
| 677 | #~ " {\n" |
||
| 678 | #~ " close( OUT );\n" |
||
| 679 | #~ " $incert = 0;\n" |
||
| 680 | #~ " print \"\\n\\n\";\n" |
||
| 681 | #~ " }\n" |
||
| 682 | #~ "\n" |
||
| 683 | #~ " elsif ($incert)\n" |
||
| 684 | #~ " {\n" |
||
| 685 | #~ " my @bs = split( /\\\\/ );\n" |
||
| 686 | #~ " foreach my $b (@bs)\n" |
||
| 687 | #~ " {\n" |
||
| 688 | #~ " chomp $b;\n" |
||
| 689 | #~ " printf( OUT \"%c\", oct($b) ) unless $b eq '';\n" |
||
| 690 | #~ " }\n" |
||
| 691 | #~ " }\n" |
||
| 692 | #~ "}</literal>\n" |
||
| 693 | #~ "EOF\n" |
||
| 694 | #~ "\n" |
||
| 695 | #~ "chmod +x /usr/bin/make-cert.pl</userinput>" |
||
| 696 | #~ msgstr "" |
||
| 697 | #~ "<userinput>cat > /usr/bin/make-cert.pl << \"EOF\"\n" |
||
| 698 | #~ "<literal>#!/usr/bin/perl -w\n" |
||
| 699 | #~ "\n" |
||
| 700 | #~ "# Used to generate PEM encoded files from Mozilla certdata.txt.\n" |
||
| 701 | #~ "# Run as ./make-cert.pl > certificate.crt\n" |
||
| 702 | #~ "#\n" |
||
| 703 | #~ "# Parts of this script courtesy of RedHat (mkcabundle.pl)\n" |
||
| 704 | #~ "#\n" |
||
| 705 | #~ "# This script modified for use with single file data (tempfile.cer) extracted\n" |
||
| 706 | #~ "# from certdata.txt, taken from the latest version in the Mozilla NSS source.\n" |
||
| 707 | #~ "# mozilla/security/nss/lib/ckfw/builtins/certdata.txt\n" |
||
| 708 | #~ "#\n" |
||
| 709 | #~ "# Authors: DJ Lucas\n" |
||
| 710 | #~ "# Bruce Dubbs\n" |
||
| 711 | #~ "#\n" |
||
| 712 | #~ "# Version 20120211\n" |
||
| 713 | #~ "\n" |
||
| 714 | #~ "my $certdata = './tempfile.cer';\n" |
||
| 715 | #~ "\n" |
||
| 716 | #~ "open( IN, \"cat $certdata|\" )\n" |
||
| 717 | #~ " || die \"could not open $certdata\";\n" |
||
| 718 | #~ "\n" |
||
| 719 | #~ "my $incert = 0;\n" |
||
| 720 | #~ "\n" |
||
| 721 | #~ "while ( <IN> )\n" |
||
| 722 | #~ "{\n" |
||
| 723 | #~ " if ( /^CKA_VALUE MULTILINE_OCTAL/ )\n" |
||
| 724 | #~ " {\n" |
||
| 725 | #~ " $incert = 1;\n" |
||
| 726 | #~ " open( OUT, \"|openssl x509 -text -inform DER -fingerprint\" )\n" |
||
| 727 | #~ " || die \"could not pipe to openssl x509\";\n" |
||
| 728 | #~ " }\n" |
||
| 729 | #~ "\n" |
||
| 730 | #~ " elsif ( /^END/ && $incert )\n" |
||
| 731 | #~ " {\n" |
||
| 732 | #~ " close( OUT );\n" |
||
| 733 | #~ " $incert = 0;\n" |
||
| 734 | #~ " print \"\\n\\n\";\n" |
||
| 735 | #~ " }\n" |
||
| 736 | #~ "\n" |
||
| 737 | #~ " elsif ($incert)\n" |
||
| 738 | #~ " {\n" |
||
| 739 | #~ " my @bs = split( /\\\\/ );\n" |
||
| 740 | #~ " foreach my $b (@bs)\n" |
||
| 741 | #~ " {\n" |
||
| 742 | #~ " chomp $b;\n" |
||
| 743 | #~ " printf( OUT \"%c\", oct($b) ) unless $b eq '';\n" |
||
| 744 | #~ " }\n" |
||
| 745 | #~ " }\n" |
||
| 746 | #~ "}</literal>\n" |
||
| 747 | #~ "EOF\n" |
||
| 748 | #~ "\n" |
||
| 749 | #~ "chmod +x /usr/bin/make-cert.pl</userinput>" |
||
| 750 | |||
| 751 | #~ msgid "" |
||
| 752 | #~ "The following script creates the certificates and a bundle of all the " |
||
| 753 | #~ "certificates. It creates a <filename class='directory'>./certs</filename> " |
||
| 754 | #~ "directory and <filename>./BLFS-ca-bundle-${VERSION}.crt</filename>. Again " |
||
| 755 | #~ "create this script as the <systemitem class=\"username\">root</systemitem> " |
||
| 756 | #~ "user:" |
||
| 757 | #~ msgstr "" |
||
| 758 | #~ "Le script suivant crée les certificats et un bouquet de tous les " |
||
| 759 | #~ "certificats. Il crée un répertoire <filename " |
||
| 760 | #~ "class='directory'>./certs</filename> et <filename>./BLFS-ca-" |
||
| 761 | #~ "bundle-${VERSION}.crt</filename>. Créez de nouveau ce script en tant " |
||
| 762 | #~ "qu'utilisateur <systemitem class=\"username\">root</systemitem> :" |
||
| 763 | |||
| 764 | #~ msgid "" |
||
| 765 | #~ "<userinput>cat > /usr/bin/make-ca.sh << \"EOF\"\n" |
||
| 766 | #~ "<literal>#!/bin/sh\n" |
||
| 767 | #~ "# Begin make-ca.sh\n" |
||
| 768 | #~ "# Script to populate OpenSSL's CApath from a bundle of PEM formatted CAs\n" |
||
| 769 | #~ "#\n" |
||
| 770 | #~ "# The file certdata.txt must exist in the local directory\n" |
||
| 771 | #~ "# Version number is obtained from the version of the data.\n" |
||
| 772 | #~ "#\n" |
||
| 773 | #~ "# Authors: DJ Lucas\n" |
||
| 774 | #~ "# Bruce Dubbs\n" |
||
| 775 | #~ "#\n" |
||
| 776 | #~ "# Version 20120211\n" |
||
| 777 | #~ "\n" |
||
| 778 | #~ "# Some data in the certs have UTF-8 characters\n" |
||
| 779 | #~ "export LANG=en_US.utf8\n" |
||
| 780 | #~ "\n" |
||
| 781 | #~ "certdata=\"certdata.txt\"\n" |
||
| 782 | #~ "\n" |
||
| 783 | #~ "if [ ! -r $certdata ]; then\n" |
||
| 784 | #~ " echo \"$certdata must be in the local directory\"\n" |
||
| 785 | #~ " exit 1\n" |
||
| 786 | #~ "fi\n" |
||
| 787 | #~ "\n" |
||
| 788 | #~ "REVISION=$(grep CVS_ID $certdata | cut -f4 -d'$')\n" |
||
| 789 | #~ "\n" |
||
| 790 | #~ "if [ -z \"${REVISION}\" ]; then\n" |
||
| 791 | #~ " echo \"$certfile has no 'Revision' in CVS_ID\"\n" |
||
| 792 | #~ " exit 1\n" |
||
| 793 | #~ "fi\n" |
||
| 794 | #~ "\n" |
||
| 795 | #~ "VERSION=$(echo $REVISION | cut -f2 -d\" \")\n" |
||
| 796 | #~ "\n" |
||
| 797 | #~ "TEMPDIR=$(mktemp -d)\n" |
||
| 798 | #~ "TRUSTATTRIBUTES=\"CKA_TRUST_SERVER_AUTH\"\n" |
||
| 799 | #~ "BUNDLE=\"BLFS-ca-bundle-${VERSION}.crt\"\n" |
||
| 800 | #~ "CONVERTSCRIPT=\"/usr/bin/make-cert.pl\"\n" |
||
| 801 | #~ "SSLDIR=\"/etc/ssl\"\n" |
||
| 802 | #~ "\n" |
||
| 803 | #~ "mkdir \"${TEMPDIR}/certs\"\n" |
||
| 804 | #~ "\n" |
||
| 805 | #~ "# Get a list of starting lines for each cert\n" |
||
| 806 | #~ "CERTBEGINLIST=$(grep -n \"^# Certificate\" \"${certdata}\" | cut -d \":\" -f1)\n" |
||
| 807 | #~ "\n" |
||
| 808 | #~ "# Get a list of ending lines for each cert\n" |
||
| 809 | #~ "CERTENDLIST=`grep -n \"^CKA_TRUST_STEP_UP_APPROVED\" \"${certdata}\" | cut -d \":\" -f 1`\n" |
||
| 810 | #~ "\n" |
||
| 811 | #~ "# Start a loop\n" |
||
| 812 | #~ "for certbegin in ${CERTBEGINLIST}; do\n" |
||
| 813 | #~ " for certend in ${CERTENDLIST}; do\n" |
||
| 814 | #~ " if test \"${certend}\" -gt \"${certbegin}\"; then\n" |
||
| 815 | #~ " break\n" |
||
| 816 | #~ " fi\n" |
||
| 817 | #~ " done\n" |
||
| 818 | #~ "\n" |
||
| 819 | #~ " # Dump to a temp file with the name of the file as the beginning line number\n" |
||
| 820 | #~ " sed -n \"${certbegin},${certend}p\" \"${certdata}\" > \"${TEMPDIR}/certs/${certbegin}.tmp\"\n" |
||
| 821 | #~ "done\n" |
||
| 822 | #~ "\n" |
||
| 823 | #~ "unset CERTBEGINLIST CERTDATA CERTENDLIST certbegin certend\n" |
||
| 824 | #~ "\n" |
||
| 825 | #~ "mkdir -p certs\n" |
||
| 826 | #~ "rm -f certs/* # Make sure the directory is clean\n" |
||
| 827 | #~ "\n" |
||
| 828 | #~ "for tempfile in ${TEMPDIR}/certs/*.tmp; do\n" |
||
| 829 | #~ " # Make sure that the cert is trusted...\n" |
||
| 830 | #~ " grep \"CKA_TRUST_SERVER_AUTH\" \"${tempfile}\" | \\\n" |
||
| 831 | #~ " egrep \"TRUST_UNKNOWN|NOT_TRUSTED\" > /dev/null\n" |
||
| 832 | #~ "\n" |
||
| 833 | #~ " if test \"${?}\" = \"0\"; then\n" |
||
| 834 | #~ " # Throw a meaningful error and remove the file\n" |
||
| 835 | #~ " cp \"${tempfile}\" tempfile.cer\n" |
||
| 836 | #~ " perl ${CONVERTSCRIPT} > tempfile.crt\n" |
||
| 837 | #~ " keyhash=$(openssl x509 -noout -in tempfile.crt -hash)\n" |
||
| 838 | #~ " echo \"Certificate ${keyhash} is not trusted! Removing...\"\n" |
||
| 839 | #~ " rm -f tempfile.cer tempfile.crt \"${tempfile}\"\n" |
||
| 840 | #~ " continue\n" |
||
| 841 | #~ " fi\n" |
||
| 842 | #~ "\n" |
||
| 843 | #~ " # If execution made it to here in the loop, the temp cert is trusted\n" |
||
| 844 | #~ " # Find the cert data and generate a cert file for it\n" |
||
| 845 | #~ "\n" |
||
| 846 | #~ " cp \"${tempfile}\" tempfile.cer\n" |
||
| 847 | #~ " perl ${CONVERTSCRIPT} > tempfile.crt\n" |
||
| 848 | #~ " keyhash=$(openssl x509 -noout -in tempfile.crt -hash)\n" |
||
| 849 | #~ " mv tempfile.crt \"certs/${keyhash}.pem\"\n" |
||
| 850 | #~ " rm -f tempfile.cer \"${tempfile}\"\n" |
||
| 851 | #~ " echo \"Created ${keyhash}.pem\"\n" |
||
| 852 | #~ "done\n" |
||
| 853 | #~ "\n" |
||
| 854 | #~ "# Remove blacklisted files\n" |
||
| 855 | #~ "# MD5 Collision Proof of Concept CA\n" |
||
| 856 | #~ "if test -f certs/8f111d69.pem; then\n" |
||
| 857 | #~ " echo \"Certificate 8f111d69 is not trusted! Removing...\"\n" |
||
| 858 | #~ " rm -f certs/8f111d69.pem\n" |
||
| 859 | #~ "fi\n" |
||
| 860 | #~ "\n" |
||
| 861 | #~ "# Finally, generate the bundle and clean up.\n" |
||
| 862 | #~ "cat certs/*.pem > ${BUNDLE}\n" |
||
| 863 | #~ "rm -r \"${TEMPDIR}\"</literal>\n" |
||
| 864 | #~ "EOF\n" |
||
| 865 | #~ "\n" |
||
| 866 | #~ "chmod +x /usr/bin/make-ca.sh</userinput>" |
||
| 867 | #~ msgstr "" |
||
| 868 | #~ "<userinput>cat > /usr/bin/make-ca.sh << \"EOF\"\n" |
||
| 869 | #~ "<literal>#!/bin/sh\n" |
||
| 870 | #~ "# Begin make-ca.sh\n" |
||
| 871 | #~ "# Script to populate OpenSSL's CApath from a bundle of PEM formatted CAs\n" |
||
| 872 | #~ "#\n" |
||
| 873 | #~ "# The file certdata.txt must exist in the local directory\n" |
||
| 874 | #~ "# Version number is obtained from the version of the data.\n" |
||
| 875 | #~ "#\n" |
||
| 876 | #~ "# Authors: DJ Lucas\n" |
||
| 877 | #~ "# Bruce Dubbs\n" |
||
| 878 | #~ "#\n" |
||
| 879 | #~ "# Version 20120211\n" |
||
| 880 | #~ "\n" |
||
| 881 | #~ "# Some data in the certs have UTF-8 characters\n" |
||
| 882 | #~ "export LANG=en_US.utf8\n" |
||
| 883 | #~ "\n" |
||
| 884 | #~ "certdata=\"certdata.txt\"\n" |
||
| 885 | #~ "\n" |
||
| 886 | #~ "if [ ! -r $certdata ]; then\n" |
||
| 887 | #~ " echo \"$certdata must be in the local directory\"\n" |
||
| 888 | #~ " exit 1\n" |
||
| 889 | #~ "fi\n" |
||
| 890 | #~ "\n" |
||
| 891 | #~ "REVISION=$(grep CVS_ID $certdata | cut -f4 -d'$')\n" |
||
| 892 | #~ "\n" |
||
| 893 | #~ "if [ -z \"${REVISION}\" ]; then\n" |
||
| 894 | #~ " echo \"$certfile has no 'Revision' in CVS_ID\"\n" |
||
| 895 | #~ " exit 1\n" |
||
| 896 | #~ "fi\n" |
||
| 897 | #~ "\n" |
||
| 898 | #~ "VERSION=$(echo $REVISION | cut -f2 -d\" \")\n" |
||
| 899 | #~ "\n" |
||
| 900 | #~ "TEMPDIR=$(mktemp -d)\n" |
||
| 901 | #~ "TRUSTATTRIBUTES=\"CKA_TRUST_SERVER_AUTH\"\n" |
||
| 902 | #~ "BUNDLE=\"BLFS-ca-bundle-${VERSION}.crt\"\n" |
||
| 903 | #~ "CONVERTSCRIPT=\"/usr/bin/make-cert.pl\"\n" |
||
| 904 | #~ "SSLDIR=\"/etc/ssl\"\n" |
||
| 905 | #~ "\n" |
||
| 906 | #~ "mkdir \"${TEMPDIR}/certs\"\n" |
||
| 907 | #~ "\n" |
||
| 908 | #~ "# Get a list of starting lines for each cert\n" |
||
| 909 | #~ "CERTBEGINLIST=$(grep -n \"^# Certificate\" \"${certdata}\" | cut -d \":\" -f1)\n" |
||
| 910 | #~ "\n" |
||
| 911 | #~ "# Get a list of ending lines for each cert\n" |
||
| 912 | #~ "CERTENDLIST=`grep -n \"^CKA_TRUST_STEP_UP_APPROVED\" \"${certdata}\" | cut -d \":\" -f 1`\n" |
||
| 913 | #~ "\n" |
||
| 914 | #~ "# Start a loop\n" |
||
| 915 | #~ "for certbegin in ${CERTBEGINLIST}; do\n" |
||
| 916 | #~ " for certend in ${CERTENDLIST}; do\n" |
||
| 917 | #~ " if test \"${certend}\" -gt \"${certbegin}\"; then\n" |
||
| 918 | #~ " break\n" |
||
| 919 | #~ " fi\n" |
||
| 920 | #~ " done\n" |
||
| 921 | #~ "\n" |
||
| 922 | #~ " # Dump to a temp file with the name of the file as the beginning line number\n" |
||
| 923 | #~ " sed -n \"${certbegin},${certend}p\" \"${certdata}\" > \"${TEMPDIR}/certs/${certbegin}.tmp\"\n" |
||
| 924 | #~ "done\n" |
||
| 925 | #~ "\n" |
||
| 926 | #~ "unset CERTBEGINLIST CERTDATA CERTENDLIST certbegin certend\n" |
||
| 927 | #~ "\n" |
||
| 928 | #~ "mkdir -p certs\n" |
||
| 929 | #~ "rm -f certs/* # Make sure the directory is clean\n" |
||
| 930 | #~ "\n" |
||
| 931 | #~ "for tempfile in ${TEMPDIR}/certs/*.tmp; do\n" |
||
| 932 | #~ " # Make sure that the cert is trusted...\n" |
||
| 933 | #~ " grep \"CKA_TRUST_SERVER_AUTH\" \"${tempfile}\" | \\\n" |
||
| 934 | #~ " egrep \"TRUST_UNKNOWN|NOT_TRUSTED\" > /dev/null\n" |
||
| 935 | #~ "\n" |
||
| 936 | #~ " if test \"${?}\" = \"0\"; then\n" |
||
| 937 | #~ " # Throw a meaningful error and remove the file\n" |
||
| 938 | #~ " cp \"${tempfile}\" tempfile.cer\n" |
||
| 939 | #~ " perl ${CONVERTSCRIPT} > tempfile.crt\n" |
||
| 940 | #~ " keyhash=$(openssl x509 -noout -in tempfile.crt -hash)\n" |
||
| 941 | #~ " echo \"Certificate ${keyhash} is not trusted! Removing...\"\n" |
||
| 942 | #~ " rm -f tempfile.cer tempfile.crt \"${tempfile}\"\n" |
||
| 943 | #~ " continue\n" |
||
| 944 | #~ " fi\n" |
||
| 945 | #~ "\n" |
||
| 946 | #~ " # If execution made it to here in the loop, the temp cert is trusted\n" |
||
| 947 | #~ " # Find the cert data and generate a cert file for it\n" |
||
| 948 | #~ "\n" |
||
| 949 | #~ " cp \"${tempfile}\" tempfile.cer\n" |
||
| 950 | #~ " perl ${CONVERTSCRIPT} > tempfile.crt\n" |
||
| 951 | #~ " keyhash=$(openssl x509 -noout -in tempfile.crt -hash)\n" |
||
| 952 | #~ " mv tempfile.crt \"certs/${keyhash}.pem\"\n" |
||
| 953 | #~ " rm -f tempfile.cer \"${tempfile}\"\n" |
||
| 954 | #~ " echo \"Created ${keyhash}.pem\"\n" |
||
| 955 | #~ "done\n" |
||
| 956 | #~ "\n" |
||
| 957 | #~ "# Remove blacklisted files\n" |
||
| 958 | #~ "# MD5 Collision Proof of Concept CA\n" |
||
| 959 | #~ "if test -f certs/8f111d69.pem; then\n" |
||
| 960 | #~ " echo \"Certificate 8f111d69 is not trusted! Removing...\"\n" |
||
| 961 | #~ " rm -f certs/8f111d69.pem\n" |
||
| 962 | #~ "fi\n" |
||
| 963 | #~ "\n" |
||
| 964 | #~ "# Finally, generate the bundle and clean up.\n" |
||
| 965 | #~ "cat certs/*.pem > ${BUNDLE}\n" |
||
| 966 | #~ "rm -r \"${TEMPDIR}\"</literal>\n" |
||
| 967 | #~ "EOF\n" |
||
| 968 | #~ "\n" |
||
| 969 | #~ "chmod +x /usr/bin/make-ca.sh</userinput>" |
||
| 970 | |||
| 971 | #~ msgid "" |
||
| 972 | #~ "Add a short script to remove expired certificates from a directory. Again " |
||
| 973 | #~ "create this script as the <systemitem class=\"username\">root</systemitem> " |
||
| 974 | #~ "user:" |
||
| 975 | #~ msgstr "" |
||
| 976 | #~ "Ajoutez un script bref pour supprimer les certificats expirés d'un " |
||
| 977 | #~ "répertoire. Créez de nouveau ce script en tant qu'utilisateur <systemitem " |
||
| 978 | #~ "class=\"username\">root</systemitem> :" |
||
| 979 | |||
| 980 | #~ msgid "" |
||
| 981 | #~ "<userinput>cat > /usr/sbin/remove-expired-certs.sh << \"EOF\"\n" |
||
| 982 | #~ "<literal>#!/bin/sh\n" |
||
| 983 | #~ "# Begin /usr/sbin/remove-expired-certs.sh\n" |
||
| 984 | #~ "#\n" |
||
| 985 | #~ "# Version 20120211\n" |
||
| 986 | #~ "\n" |
||
| 987 | #~ "# Make sure the date is parsed correctly on all systems\n" |
||
| 988 | #~ "mydate()\n" |
||
| 989 | #~ "{\n" |
||
| 990 | #~ " local y=$( echo $1 | cut -d\" \" -f4 )\n" |
||
| 991 | #~ " local M=$( echo $1 | cut -d\" \" -f1 )\n" |
||
| 992 | #~ " local d=$( echo $1 | cut -d\" \" -f2 )\n" |
||
| 993 | #~ " local m\n" |
||
| 994 | #~ "\n" |
||
| 995 | #~ " if [ ${d} -lt 10 ]; then d=\"0${d}\"; fi\n" |
||
| 996 | #~ "\n" |
||
| 997 | #~ " case $M in\n" |
||
| 998 | #~ " Jan) m=\"01\";;\n" |
||
| 999 | #~ " Feb) m=\"02\";;\n" |
||
| 1000 | #~ " Mar) m=\"03\";;\n" |
||
| 1001 | #~ " Apr) m=\"04\";;\n" |
||
| 1002 | #~ " May) m=\"05\";;\n" |
||
| 1003 | #~ " Jun) m=\"06\";;\n" |
||
| 1004 | #~ " Jul) m=\"07\";;\n" |
||
| 1005 | #~ " Aug) m=\"08\";;\n" |
||
| 1006 | #~ " Sep) m=\"09\";;\n" |
||
| 1007 | #~ " Oct) m=\"10\";;\n" |
||
| 1008 | #~ " Nov) m=\"11\";;\n" |
||
| 1009 | #~ " Dec) m=\"12\";;\n" |
||
| 1010 | #~ " esac\n" |
||
| 1011 | #~ "\n" |
||
| 1012 | #~ " certdate=\"${y}${m}${d}\"\n" |
||
| 1013 | #~ "}\n" |
||
| 1014 | #~ "\n" |
||
| 1015 | #~ "OPENSSL=/usr/bin/openssl\n" |
||
| 1016 | #~ "DIR=/etc/ssl/certs\n" |
||
| 1017 | #~ "\n" |
||
| 1018 | #~ "if [ $# -gt 0 ]; then\n" |
||
| 1019 | #~ " DIR=\"$1\"\n" |
||
| 1020 | #~ "fi\n" |
||
| 1021 | #~ "\n" |
||
| 1022 | #~ "certs=$( find ${DIR} -type f -name \"*.pem\" -o -name \"*.crt\" )\n" |
||
| 1023 | #~ "today=$( date +%Y%m%d )\n" |
||
| 1024 | #~ "\n" |
||
| 1025 | #~ "for cert in $certs; do\n" |
||
| 1026 | #~ " notafter=$( $OPENSSL x509 -enddate -in \"${cert}\" -noout )\n" |
||
| 1027 | #~ " date=$( echo ${notafter} | sed 's/^notAfter=//' )\n" |
||
| 1028 | #~ " mydate \"$date\"\n" |
||
| 1029 | #~ "\n" |
||
| 1030 | #~ " if [ ${certdate} -lt ${today} ]; then\n" |
||
| 1031 | #~ " echo \"${cert} expired on ${certdate}! Removing...\"\n" |
||
| 1032 | #~ " rm -f \"${cert}\"\n" |
||
| 1033 | #~ " fi\n" |
||
| 1034 | #~ "done</literal>\n" |
||
| 1035 | #~ "EOF\n" |
||
| 1036 | #~ "\n" |
||
| 1037 | #~ "chmod u+x /usr/sbin/remove-expired-certs.sh</userinput>" |
||
| 1038 | #~ msgstr "" |
||
| 1039 | #~ "<userinput>cat > /usr/sbin/remove-expired-certs.sh << \"EOF\"\n" |
||
| 1040 | #~ "<literal>#!/bin/sh\n" |
||
| 1041 | #~ "# Begin /usr/sbin/remove-expired-certs.sh\n" |
||
| 1042 | #~ "#\n" |
||
| 1043 | #~ "# Version 20120211\n" |
||
| 1044 | #~ "\n" |
||
| 1045 | #~ "# Make sure the date is parsed correctly on all systems\n" |
||
| 1046 | #~ "mydate()\n" |
||
| 1047 | #~ "{\n" |
||
| 1048 | #~ " local y=$( echo $1 | cut -d\" \" -f4 )\n" |
||
| 1049 | #~ " local M=$( echo $1 | cut -d\" \" -f1 )\n" |
||
| 1050 | #~ " local d=$( echo $1 | cut -d\" \" -f2 )\n" |
||
| 1051 | #~ " local m\n" |
||
| 1052 | #~ "\n" |
||
| 1053 | #~ " if [ ${d} -lt 10 ]; then d=\"0${d}\"; fi\n" |
||
| 1054 | #~ "\n" |
||
| 1055 | #~ " case $M in\n" |
||
| 1056 | #~ " Jan) m=\"01\";;\n" |
||
| 1057 | #~ " Feb) m=\"02\";;\n" |
||
| 1058 | #~ " Mar) m=\"03\";;\n" |
||
| 1059 | #~ " Apr) m=\"04\";;\n" |
||
| 1060 | #~ " May) m=\"05\";;\n" |
||
| 1061 | #~ " Jun) m=\"06\";;\n" |
||
| 1062 | #~ " Jul) m=\"07\";;\n" |
||
| 1063 | #~ " Aug) m=\"08\";;\n" |
||
| 1064 | #~ " Sep) m=\"09\";;\n" |
||
| 1065 | #~ " Oct) m=\"10\";;\n" |
||
| 1066 | #~ " Nov) m=\"11\";;\n" |
||
| 1067 | #~ " Dec) m=\"12\";;\n" |
||
| 1068 | #~ " esac\n" |
||
| 1069 | #~ "\n" |
||
| 1070 | #~ " certdate=\"${y}${m}${d}\"\n" |
||
| 1071 | #~ "}\n" |
||
| 1072 | #~ "\n" |
||
| 1073 | #~ "OPENSSL=/usr/bin/openssl\n" |
||
| 1074 | #~ "DIR=/etc/ssl/certs\n" |
||
| 1075 | #~ "\n" |
||
| 1076 | #~ "if [ $# -gt 0 ]; then\n" |
||
| 1077 | #~ " DIR=\"$1\"\n" |
||
| 1078 | #~ "fi\n" |
||
| 1079 | #~ "\n" |
||
| 1080 | #~ "certs=$( find ${DIR} -type f -name \"*.pem\" -o -name \"*.crt\" )\n" |
||
| 1081 | #~ "today=$( date +%Y%m%d )\n" |
||
| 1082 | #~ "\n" |
||
| 1083 | #~ "for cert in $certs; do\n" |
||
| 1084 | #~ " notafter=$( $OPENSSL x509 -enddate -in \"${cert}\" -noout )\n" |
||
| 1085 | #~ " date=$( echo ${notafter} | sed 's/^notAfter=//' )\n" |
||
| 1086 | #~ " mydate \"$date\"\n" |
||
| 1087 | #~ "\n" |
||
| 1088 | #~ " if [ ${certdate} -lt ${today} ]; then\n" |
||
| 1089 | #~ " echo \"${cert} expired on ${certdate}! Removing...\"\n" |
||
| 1090 | #~ " rm -f \"${cert}\"\n" |
||
| 1091 | #~ " fi\n" |
||
| 1092 | #~ "done</literal>\n" |
||
| 1093 | #~ "EOF\n" |
||
| 1094 | #~ "\n" |
||
| 1095 | #~ "chmod u+x /usr/sbin/remove-expired-certs.sh</userinput>" |
||
| 1096 | |||
| 1097 | #~ msgid "" |
||
| 1098 | #~ "The following commands will fetch the certificates and convert them to the " |
||
| 1099 | #~ "correct format. If desired, a web browser may be used instead of " |
||
| 1100 | #~ "<application>wget</application> but the file will need to be saved with the " |
||
| 1101 | #~ "name <filename>certdata.txt</filename>. These commands can be repeated as " |
||
| 1102 | #~ "necessary to update the CA Certificates." |
||
| 1103 | #~ msgstr "" |
||
| 1104 | #~ "Les commandes suivantes récupéreront les certificats et les convertiront " |
||
| 1105 | #~ "dans le bon format. Si vous le désirez, vous pouvez utiliser un navigateur " |
||
| 1106 | #~ "Internet plutôt que <application>wget</application> mais le fichier devra " |
||
| 1107 | #~ "être enregistré sous le nom <filename>certdata.txt</filename>. Ces " |
||
| 1108 | #~ "commandes peuvent être répétées autant de fois que nécessaire pour mettre à " |
||
| 1109 | #~ "jour les Certificats CA." |
||
| 1110 | |||
| 1111 | #~ msgid "" |
||
| 1112 | #~ "<userinput>URL=&sources-anduin-http;/other/certdata.txt &&\n" |
||
| 1113 | #~ "rm -f certdata.txt &&\n" |
||
| 1114 | #~ "wget $URL &&\n" |
||
| 1115 | #~ "make-ca.sh &&\n" |
||
| 1116 | #~ "unset URL</userinput>" |
||
| 1117 | #~ msgstr "" |
||
| 1118 | #~ "<userinput>URL=&sources-anduin-http;/other/certdata.txt &&\n" |
||
| 1119 | #~ "rm -f certdata.txt &&\n" |
||
| 1120 | #~ "wget $URL &&\n" |
||
| 1121 | #~ "make-ca.sh &&\n" |
||
| 1122 | #~ "unset URL</userinput>" |
||
| 1123 | |||
| 1124 | #~ msgid "" |
||
| 1125 | #~ "<userinput>SSLDIR=/etc/ssl &&\n" |
||
| 1126 | #~ "remove-expired-certs.sh certs &&\n" |
||
| 1127 | #~ "install -d ${SSLDIR}/certs &&\n" |
||
| 1128 | #~ "cp -v certs/*.pem ${SSLDIR}/certs &&\n" |
||
| 1129 | #~ "c_rehash &&\n" |
||
| 1130 | #~ "install BLFS-ca-bundle*.crt ${SSLDIR}/ca-bundle.crt &&\n" |
||
| 1131 | #~ "ln -sfv ../ca-bundle.crt ${SSLDIR}/certs/ca-certificates.crt &&\n" |
||
| 1132 | #~ "unset SSLDIR</userinput>" |
||
| 1133 | #~ msgstr "" |
||
| 1134 | #~ "<userinput>SSLDIR=/etc/ssl &&\n" |
||
| 1135 | #~ "remove-expired-certs.sh certs &&\n" |
||
| 1136 | #~ "install -d ${SSLDIR}/certs &&\n" |
||
| 1137 | #~ "cp -v certs/*.pem ${SSLDIR}/certs &&\n" |
||
| 1138 | #~ "c_rehash &&\n" |
||
| 1139 | #~ "install BLFS-ca-bundle*.crt ${SSLDIR}/ca-bundle.crt &&\n" |
||
| 1140 | #~ "ln -sfv ../ca-bundle.crt ${SSLDIR}/certs/ca-certificates.crt &&\n" |
||
| 1141 | #~ "unset SSLDIR</userinput>" |
||
| 1142 | |||
| 1143 | #~ msgid "Finally, clean up the current directory:" |
||
| 1144 | #~ msgstr "Enfin, nettoyez le répertoire courant :" |
||
| 1145 | |||
| 1146 | #~ msgid "<userinput>rm -r certs BLFS-ca-bundle*</userinput>" |
||
| 1147 | #~ msgstr "<userinput>rm -r certs BLFS-ca-bundle*</userinput>" |
||
| 1148 | |||
| 1149 | #~ msgid "" |
||
| 1150 | #~ "After installing or updating certificates, if OpenJDK is installed, update " |
||
| 1151 | #~ "the certificates for Java using the procedures at <xref linkend='ojdk-" |
||
| 1152 | #~ "certs'/>." |
||
| 1153 | #~ msgstr "" |
||
| 1154 | #~ "Après l'installation ou la mise à jour des certificats, si OpenJDK est " |
||
| 1155 | #~ "installé, mettez à jour les certificats pour Java en utilisant la procédure " |
||
| 1156 | #~ "dans <xref linkend=\"ojdk-certs\"/>." |
||
| 1157 | |||
| 1158 | #~ msgid "make-ca.sh, make-cert.pl and remove-expired-certs.sh" |
||
| 1159 | #~ msgstr "make-ca.sh, make-cert.pl et remove-expired-certs.sh" |
||
| 1160 | |||
| 1161 | #~ msgid "<command>make-cert.pl</command>" |
||
| 1162 | #~ msgstr "<command>make-cert.pl</command>" |
||
| 1163 | |||
| 1164 | #~ msgid "" |
||
| 1165 | #~ "is a utility <application>perl</application> script that converts a single " |
||
| 1166 | #~ "binary certificate (.der format) into .pem format." |
||
| 1167 | #~ msgstr "" |
||
| 1168 | #~ "est un script <application>perl</application> qui convertit un certificat " |
||
| 1169 | #~ "binaire unique (format .der) au format .pem." |
||
| 1170 | |||
| 1171 | #~ msgid "make-cert" |
||
| 1172 | #~ msgstr "make-cert" |
||
| 1173 | |||
| 1174 | #~ msgid "<command>remove-expired-certs.sh</command>" |
||
| 1175 | #~ msgstr "<command>remove-expired-certs.sh</command>" |
||
| 1176 | |||
| 1177 | #~ msgid "" |
||
| 1178 | #~ "is a utility shell script that removes expired certificates from a " |
||
| 1179 | #~ "directory. The default directory is <filename " |
||
| 1180 | #~ "class='directory'>/etc/ssl/certs</filename>." |
||
| 1181 | #~ msgstr "" |
||
| 1182 | #~ "est un script shell qui supprime les certificats expirés d'un répertoire. Le" |
||
| 1183 | #~ " répertoire par défaut est <filename " |
||
| 1184 | #~ "class='directory'>/etc/ssl/certs</filename>." |
||
| 1185 | |||
| 1186 | #~ msgid "remove-expired-certs" |
||
| 1187 | #~ msgstr "remove-expired-certs" |