Subversion Repositories svn LFS-FR

# SOME DESCRIPTIVE TITLE

# Copyright (C) YEAR Free Software Foundation, Inc.

# This file is distributed under the same license as the PACKAGE package.

# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.

#

msgid ""

msgstr ""

"Project-Id-Version: PACKAGE VERSION\n"

"POT-Creation-Date: 2018-02-12 04:06+0000\n"

"PO-Revision-Date: 2018-02-01 11:12+0000\n"

"Last-Translator: roptat <roptat@lepiller.eu>\n"

"Language-Team: LANGUAGE <LL@li.org>\n"

"Language: fr\n"

"MIME-Version: 1.0\n"

"Content-Type: text/plain; charset=UTF-8\n"

"Content-Transfer-Encoding: 8bit\n"

"Plural-Forms: nplurals=2; plural=(n > 1);\n"

"X-Generator: Pootle 2.8\n"

"X-POOTLE-MTIME: 1517483554.797188\n"

#. type: Content of the certhost entity

#: blfs-en/postlfs/security/cacerts.xml:7

msgid "https://hg.mozilla.org/"

msgstr "https://hg.mozilla.org/"

#. type: Content of the certpath entity

#: blfs-en/postlfs/security/cacerts.xml:8

msgid "/lib/ckfw/builtins/certdata.txt"

msgstr "/lib/ckfw/builtins/certdata.txt"

#. type: Content of the cacerts-buildsize entity

#: blfs-en/postlfs/security/cacerts.xml:9

msgid "6.5 MB (with all runtime deps)"

msgstr "6.5 Mo (avec toutes les dépendances à l'exécution)"

#. type: Content of the cacerts-time entity

#: blfs-en/postlfs/security/cacerts.xml:10

msgid "0.2 SBU (with all runtime deps)"

msgstr "0.2 SBU (avec toutes les dépendances à l'exécution)"

#. type: Content of the make-ca-download entity

#: blfs-en/postlfs/security/cacerts.xml:12

msgid ""

"https://github.com/djlucas/make-ca/archive/v&make-ca-version;/make-ca-&make-"

"ca-version;.tar.gz"

msgstr ""

"https://github.com/djlucas/make-ca/archive/v&make-ca-version;/make-ca-&make-"

"ca-version;.tar.gz"

#. type: Content of the make-ca-size entity

#: blfs-en/postlfs/security/cacerts.xml:13

msgid "36 KB"

msgstr "36 Ko"

#. type: Content of the make-ca-md5sum entity

#: blfs-en/postlfs/security/cacerts.xml:14

msgid "851f9e267f343c54db8caa87ec5b3d75"

msgstr "851f9e267f343c54db8caa87ec5b3d75"

#. type: Content of: <sect1><sect1info>

#: blfs-en/postlfs/security/cacerts.xml:21

#| msgid ""

#| "<othername>$LastChangedBy: pierre $</othername> <date>$Date: 2018-01-29 "

#| "21:12:53 +0000 (Mon, 29 Jan 2018) $</date>"

msgid ""

"<othername>$LastChangedBy: bdubbs $</othername> <date>$Date: 2018-02-11 "

"17:41:19 +0000 (Sun, 11 Feb 2018) $</date>"

msgstr ""

"<othername>$LastChangedBy: bdubbs $</othername> <date>$Date: 2018-02-11 "

"17:41:19 +0000 (Sun, 11 Feb 2018) $</date>"

#. type: Content of: <sect1><indexterm><primary>

#: blfs-en/postlfs/security/cacerts.xml:25

#: blfs-en/postlfs/security/cacerts.xml:48

msgid "Certificate Authority Certificates"

msgstr "Certificats d'autorité de certification"

#. type: Content of: <sect1><para>

#: blfs-en/postlfs/security/cacerts.xml:27

msgid ""

"Public Key Infrastructure (PKI) is a method to validate the authenticity of "

"an otherwise unknown entity across untrusted networks. PKI works by "

"establishing a chain of trust, rather than trusting each individual host or "

"entity explicitly. In order for a certificate presented by a remote entity "

"to be trusted, that certificate must present a complete chain of "

"certificates that can be validated using the root certificate of a "

"Certificate Authority (CA) that is trusted by the local machine."

msgstr ""

"Une Infrastructure à Clés Publiques (PKI) est une méthode pour valider "

"l'authenticité d'une entité autrement inconnue au travers de réseaux qui ne "

"sont pas de confiance. La PKI fonctionne en établissant une chaîne de "

"confiance, plutôt que de faire confiance individuellement à chaque hôte ou "

"entité de manière explicite. Pour qu'un certificat présenté par une entité "

"distante soit reconnu, le certificat doit présenter une chaîne complète de "

"certificats qui peuvent être validé en utilisant le certificat racine d'une "

"autorité de certification (CA) en laquelle la machine locale a confiance."

#. type: Content of: <sect1><para>

#: blfs-en/postlfs/security/cacerts.xml:35

msgid ""

"Establishing trust with a CA involves validating things like company "

"address, ownership, contact information, etc., and ensuring that the CA has "

"followed best practices, such as undergoing periodic security audits by "

"independent investigators and maintaining an always available certificate "

"revocation list. This is well outside the scope of BLFS (as it is for most "

"Linux distributions). The certificate store provided here is taken from the "

"Mozilla Foundation, who have established very strict inclusion policies "

"described <ulink url=\"https://www.mozilla.org/en-"

"US/about/governance/policies/security-group/certs/\">here</ulink>."

msgstr ""

"L'établissement de la confiance avec une CA nécessite de valider des choses "

"comme l'adresse de la compagnie, la propriété, les informations de contact, "

"etc, et de s'assurer que la CA a suivi les bonnes pratiques, comme des "

"audits de sécurité périodiques par des enquêteurs indépendants et le "

"maintient d'une liste de révocation de certificats toujours disponible. Ceci"

" est bien au delà de la portée de BLFS (comme pour la plupart des "

"distributions Linux). Le magasin de certificats fournit ici est emprunté à "

"la fondation Mozilla, qui ont établit une politique d'inclusion très stricte"

" décrite <ulink url=\"https://www.mozilla.org/en-"

"US/about/governance/policies/security-group/certs/\">ici</ulink>."

#. type: Content of: <sect1><sect2><title>

#: blfs-en/postlfs/security/cacerts.xml:52

msgid "Introduction to Certificate Authorities"

msgstr "Introduction à Certificate Authorities"

#. type: Content of: <sect1><sect2><bridgehead>

#: blfs-en/postlfs/security/cacerts.xml:54

msgid "Package Information"

msgstr "Informations sur le paquet"

#. type: Content of: <sect1><sect2><itemizedlist><listitem><para>

#: blfs-en/postlfs/security/cacerts.xml:57

msgid "Download (HTTP): <ulink url=\"&make-ca-download;\"/>"

msgstr "Téléchargement (HTTP)&nbsp;: <ulink url=\"&make-ca-download;\"/>"

#. type: Content of: <sect1><sect2><itemizedlist><listitem><para>

#: blfs-en/postlfs/security/cacerts.xml:60

msgid "Download size: &make-ca-size;"

msgstr "Taille du téléchargement : &make-ca-size;"

#. type: Content of: <sect1><sect2><itemizedlist><listitem><para>

#: blfs-en/postlfs/security/cacerts.xml:63

msgid "Download MD5 Sum: &make-ca-md5sum;"

msgstr "Somme MD5 du téléchargement : &make-ca-md5sum;"

#. type: Content of: <sect1><sect2><itemizedlist><listitem><para>

#: blfs-en/postlfs/security/cacerts.xml:66

msgid "Estimated disk space required: &cacerts-buildsize;"

msgstr "Estimation de l'espace disque requis : &cacerts-buildsize;"

#. type: Content of: <sect1><sect2><itemizedlist><listitem><para>

#: blfs-en/postlfs/security/cacerts.xml:69

msgid "Estimated build time: &cacerts-time;"

msgstr "Estimation du temps de construction : &cacerts-time;"

#. type: Content of: <sect1><sect2><bridgehead>

#: blfs-en/postlfs/security/cacerts.xml:73

msgid "Certificate Authority Certificates Dependencies"

msgstr "Dépendances de Certificate Authority Certificates"

#. type: Content of: <sect1><sect2><bridgehead>

#: blfs-en/postlfs/security/cacerts.xml:78

msgid "Optional (runtime)"

msgstr "Facultatives (exécution)"

#. type: Content of: <sect1><sect2><para>

#: blfs-en/postlfs/security/cacerts.xml:80

msgid ""

"<xref role=\"runtime\" linkend=\"java\"/> or <xref role=\"runtime\" "

"linkend=\"openjdk\"/>, <xref role=\"runtime\" linkend=\"nss\"/>, and <xref "

"role=\"runtime\" linkend=\"p11-kit\"/>"

msgstr ""

"<xref role=\"runtime\" linkend=\"java\"/> ou <xref role=\"runtime\" "

"linkend=\"openjdk\"/>, <xref role=\"runtime\" linkend=\"nss\"/> et <xref "

"role=\"runtime\" linkend=\"p11-kit\"/>"

#. type: Content of: <sect1><sect2><para>

#: blfs-en/postlfs/security/cacerts.xml:86

msgid "User Notes: <ulink url='&blfs-wiki;/cacerts'/>"

msgstr "Notes utilisateur&nbsp;: <ulink url='&blfs-wiki;/cacerts'/>"

#. type: Content of: <sect1><sect2><title>

#: blfs-en/postlfs/security/cacerts.xml:91

msgid "Installation of Certificate Authority Certificates"

msgstr "Installation de Certificate Authority Certificates"

#. type: Content of: <sect1><sect2><para>

#: blfs-en/postlfs/security/cacerts.xml:93

msgid ""

"The <application>make-ca</application> script will download and process the "

"certificates included in the <filename>certdata.txt</filename> file for use "

"in multiple certificate stores (if the associated applications are present "

"on the system). Additionally, any local certificates stored in "

"<filename>/etc/ssl/local</filename> will be imported to the certificate "

"stores. Certificates in this directory should be stored as PEM encoded "

"<application>OpenSSL</application> trusted certificates."

msgstr ""

"Le script <application>make-ca</application> adaptera les certificats inclus"

" dans le fichier <filename>certdata.txt</filename> pour l'utiliser dans de "

"multiples magasins de certificats (si les applications associées sont "

"présentes sur le système). De plus, tout certificat local stocké dans "

"<filename>/etc/ssl/local</filename> sera importé dans les magasins de "

"certificats. Les certificats de ce répertoire devraient être stockés sous "

"forme de certificats de confiance <application>OpenSSL</application> encodé "

"en PEM."

#. type: Content of: <sect1><sect2><para>

#: blfs-en/postlfs/security/cacerts.xml:101

msgid ""

"To create an <application>OpenSSL</application> trusted certificate from a "

"regular PEM encoded file, you need to add trust arguments to the "

"<command>openssl</command> command, and create a new certificate. There are "

"three trust types that are recognized by the <application>make-"

"ca</application> script, SSL/TLS, S/Mime, and code signing. For example, "

"using the <ulink url=\"http://www.cacert.org/\">CAcert</ulink> roots, if you"

" want to trust both for all three roles, the following commands will create "

"appropriate OpenSSL trusted certificates (run as the <systemitem "

"class=\"username\">root</systemitem> user):"

msgstr ""

"Pour créer un certificat de confiance <application>OpenSSL</application> "

"depuis un fichier normal encodé en PEM, vous devrez ajouter des arguments "

"«&nbsp;trust&nbsp;» à la commande <command>openssl</command> et créer un "

"nouveau certificat. Il y a trois types de confiances reconnues par le script"

" <application>make-ca</application>&nbsp;: SSL/TLS, S/Mime et la signature "

"de code. Par exemple, si vous souhaitez utiliser les racines <ulink "

"url=\"http://www.cacert.org/\">CAcert</ulink> pour que les deux soient de "

"confiance pour ces trois rôles, les commandes suivantes créeront des "

"certificats de confiance OpenSSL approprié (à lancer en tant qu'utilisateur "

"<systemitem class=\"username\">root</systemitem>)&nbsp;:"

#. type: Content of: <sect1><sect2><screen>

#: blfs-en/postlfs/security/cacerts.xml:112

#, no-wrap

msgid ""

"<userinput>install -vdm755 /etc/ssl/local &amp;&amp;\n"

"wget http://www.cacert.org/certs/root.crt &&\n"

"wget http://www.cacert.org/certs/class3.crt &&\n"

"openssl x509 -in root.crt -text -fingerprint -setalias \"CAcert Class 1 root\" \\\n"

"        -addtrust serverAuth -addtrust emailProtection -addtrust codeSigning \\\n"

"        > /etc/ssl/local/CAcert_Class_1_root.pem &&\n"

"openssl x509 -in class3.crt -text -fingerprint -setalias \"CAcert Class 3 root\" \\\n"

"        -addtrust serverAuth -addtrust emailProtection -addtrust codeSigning \\\n"

"        > /etc/ssl/local/CAcert_Class_3_root.pem</userinput>"

msgstr ""

"<userinput>install -vdm755 /etc/ssl/local &amp;&amp;\n"

"wget http://www.cacert.org/certs/root.crt &&\n"

"wget http://www.cacert.org/certs/class3.crt &&\n"

"openssl x509 -in root.crt -text -fingerprint -setalias \"CAcert Class 1 root\" \\\n"

"        -addtrust serverAuth -addtrust emailProtection -addtrust codeSigning \\\n"

"        > /etc/ssl/local/CAcert_Class_1_root.pem &&\n"

"openssl x509 -in class3.crt -text -fingerprint -setalias \"CAcert Class 3 root\" \\\n"

"        -addtrust serverAuth -addtrust emailProtection -addtrust codeSigning \\\n"

"        > /etc/ssl/local/CAcert_Class_3_root.pem</userinput>"

#. type: Content of: <sect1><sect2><para>

#: blfs-en/postlfs/security/cacerts.xml:122

msgid ""

"If one of the three trust arguments is omitted, the certificate is neither "

"trusted, nor rejected for that role. Clients that use "

"<application>OpenSSL</application> or <application>NSS</application> "

"encountering this certificate will present a warning to the user. Clients "

"using <application>GnuTLS</application> without "

"<application>p11-kit</application> support are not aware of trusted "

"certificates. To include this CA into the ca-bundle.crt (used for "

"<application>GnuTLS</application>), it must have <envar>serverAuth</envar> "

"trust. Additionally, to explicitly disallow a certificate for a particular "

"use, replace the <parameter>-addtrust</parameter> flag with the "

"<parameter>-addreject</parameter> flag."

msgstr ""

"Si un argument trust en omis, le certificat n'est ni reconnu ni rejeté pour "

"ce rôle. Les clients qui utilisent <application>OpenSSL</application> ou "

"<application>NSS</application> rencontrant ce certificat renverront un "

"avertissement à l'utilisateur . Les clients qui utilisent "

"<application>GnuTLS</application> sans le support de "

"<application>p11-kit</application> ne sont pas conscient des certificats de "

"confiance. Pour inclure cette CA dans le fichier ca-bundle.crt (utilisé par "

"<application>GnuTLS</application>), il doit avoir la confiance "

"<envar>serverAuth</envar>. De plus, pour interdire un certificat pour une "

"utilisation particulière, remplacez le paramètre "

"<parameter>-addtrust</parameter> par le paramètre "

"<parameter>-addreject</parameter>."

#. type: Content of: <sect1><sect2><para>

#: blfs-en/postlfs/security/cacerts.xml:134

msgid ""

"To install the various certificate stores, first install the "

"<application>make-ca</application> script into the correct location.  As the"

" <systemitem class=\"username\">root</systemitem> user:"

msgstr ""

"Pour installer les divers magasins de certificats, installez le script "

"<application>make-ca</application> au bon endroit. En tant qu'utilisateur "

"<systemitem class=\"username\">root</systemitem>&nbsp;:"

#. type: Content of: <sect1><sect2><screen>

#: blfs-en/postlfs/security/cacerts.xml:138

#, no-wrap

msgid "<userinput>make install</userinput>"

msgstr "<userinput>make install</userinput>"

#. type: Content of: <sect1><sect2><para>

#: blfs-en/postlfs/security/cacerts.xml:140

msgid ""

"As the <systemitem class=\"username\">root</systemitem> user, download and "

"update the certificate stores with the following command:"

msgstr ""

"En tant qu'utilisateur <systemitem class=\"username\">root</systemitem>, "

"téléchargez et mettez à jour le magasin de certificats avec la commande "

"suivante :"

#. type: Content of: <sect1><sect2><note><para>

#: blfs-en/postlfs/security/cacerts.xml:144

msgid ""

"If running the script a second time with the same version of "

"<filename>certdata.txt</filename>, for instance, to add additional stores as"

" the requisite software is installed, add the <parameter>-f</parameter> "

"switch to the command line. If packaging, run <command>make-ca "

"--help</command> to see all available command line options."

msgstr ""

"Si vous lancez le script une deuxième fois avec la même version de "

"<filename>certdata.txt</filename>, par exemple pour ajouter des magasins "

"supplémentaires parce que le logiciel requis est installé, ajoutez l'option "

"<parameter>-f</parameter> à la ligne  de commande. Si vous créez un paquet, "

"lancez <command>make-ca --help</command> pour voir toutes les options de la "

"ligne de commande disponibles."

#. type: Content of: <sect1><sect2><screen>

#: blfs-en/postlfs/security/cacerts.xml:151

#, no-wrap

msgid "<userinput>/usr/sbin/make-ca -g</userinput>"

msgstr "<userinput>/usr/sbin/make-ca -g</userinput>"

#. type: Content of: <sect1><sect2><para>

#: blfs-en/postlfs/security/cacerts.xml:153

msgid ""

"You should periodically update the store with the above command either "

"manually, or via a <phrase revision=\"sysv\">cron job.</phrase> <phrase "

"revision=\"systemd\">systemd timer. A timer is installed at "

"<filename>/etc/systemd/system/update-pki.timer</filename> that, if enabled, "

"will check for updates weekly.</phrase>"

msgstr ""

"Vous devriez mettre à jour régulièrement le magasin avec la commande ci-"

"dessus soit manuellement, soit via <phrase revision=\"sysv\">une tâche "

"cron.</phrase><phrase revision=\"systemd\">un timer systemd. Un timer est "

"installé dans <filename>/etc/systemd/system/update-pki.timer</filename> et "

"s'il est activé, il vérifiera les mises à jour une fois par "

"semaine.</phrase>"

#. type: Content of: <sect1><sect2><para>

#: blfs-en/postlfs/security/cacerts.xml:159

msgid ""

"The default <filename>certdata.txt</filename> file provided by make-ca is "

"obtained from the mozilla-release branch, and is modified to provide a "

"Mercurial revision. This will be the correct version for most systems. There"

" are, however, several other variants of the file available for use that "

"might be preferred for one reason or another, including the files shipped "

"with Mozilla products in this book. RedHat and OpenSUSE, for instance, use "

"the version included in <xref linkend=\"nss\"/>. Additional upstream "

"downloads are available at the links below."

msgstr ""

"Le fichier <filename>certdata.txt</filename> fournit par make-ca est obtenu "

"à partir de la branche mozilla-release, et est modifié pour fournir une "

"simple révision horodatée. Ce sera la bonne version pour la plupart des "

"systèmes. Il y a cependant plusieurs variantes du fichier disponibles à "

"l'utilisation qui peuvent être préférés pour une raison ou une autre, "

"incluses dans les produits Mozilla dans ce livre. RedHat et OpenSUSE par "

"exemple utilisent la version incluse dans <xref linkend=\"nss\"/>. Des "

"emplacements de téléchargement supplémentaires sont disponibles :"

#. type: Content of: <sect1><sect2><itemizedlist><listitem><para>

#: blfs-en/postlfs/security/cacerts.xml:170

msgid ""

"Mozilla Release (the version provided by BLFS): <ulink "

"url=\"&certhost;releases/mozilla-release/raw-"

"file/default/security/nss&certpath;\"/>"

msgstr ""

"Mozilla Release (la version fournie par BLFS)&nbsp;: <ulink "

"url=\"&certhost;releases/mozilla-release/raw-"

"file/default/security/nss&certpath;\"/>"

#. type: Content of: <sect1><sect2><itemizedlist><listitem><para>

#: blfs-en/postlfs/security/cacerts.xml:175

msgid ""

"NSS (this is the latest available version): <ulink "

"url=\"&certhost;projects/nss/raw-file/tip&certpath;\"/>"

msgstr ""

"NSS (c'est la dernière version disponible)&nbsp;: <ulink "

"url=\"&certhost;projects/nss/raw-file/tip&certpath;\"/>"

#. type: Content of: <sect1><sect2><itemizedlist><listitem><para>

#: blfs-en/postlfs/security/cacerts.xml:180

msgid ""

"Mozilla Central: <ulink url=\"&certhost;mozilla-central/raw-"

"file/default/security/nss&certpath;\"/>"

msgstr ""

"Mozilla Central&nbsp;: <ulink url=\"&certhost;mozilla-central/raw-"

"file/default/security/nss&certpath;\"/>"

#. type: Content of: <sect1><sect2><itemizedlist><listitem><para>

#: blfs-en/postlfs/security/cacerts.xml:185

msgid ""

"Mozilla Beta: <ulink url=\"&certhost;releases/mozilla-beta/raw-"

"file/default/security/nss&certpath;\"/>"

msgstr ""

"Mozilla Beta&nbsp;: <ulink url=\"&certhost;releases/mozilla-beta/raw-"

"file/default/security/nss&certpath;\"/>"

#. type: Content of: <sect1><sect2><itemizedlist><listitem><para>

#: blfs-en/postlfs/security/cacerts.xml:190

msgid ""

"Mozilla Aurora: <ulink url=\"&certhost;releases/mozilla-aurora/raw-"

"file/default/security/nss&certpath;\"/>"

msgstr ""

"Mozilla Aurora&nbsp;: <ulink url=\"&certhost;releases/mozilla-aurora/raw-"

"file/default/security/nss&certpath;\"/>"

#. type: Content of: <sect1><sect2><title>

#: blfs-en/postlfs/security/cacerts.xml:199

msgid "Contents"

msgstr "Contenu"

#. type: Content of: <sect1><sect2><segmentedlist><segtitle>

#: blfs-en/postlfs/security/cacerts.xml:202

msgid "Installed Programs"

msgstr "Programmes installés"

#. type: Content of: <sect1><sect2><segmentedlist><segtitle>

#: blfs-en/postlfs/security/cacerts.xml:203

msgid "Installed Libraries"

msgstr "Bibliothèques installées"

#. type: Content of: <sect1><sect2><segmentedlist><segtitle>

#: blfs-en/postlfs/security/cacerts.xml:204

msgid "Installed Directories"

msgstr "Répertoires installés"

#. type: Content of:

#. <sect1><sect2><variablelist><varlistentry><listitem><indexterm><primary>

#: blfs-en/postlfs/security/cacerts.xml:207

#: blfs-en/postlfs/security/cacerts.xml:225

msgid "make-ca"

msgstr "make-ca"

#. type: Content of: <sect1><sect2><segmentedlist><seglistitem><seg>

#: blfs-en/postlfs/security/cacerts.xml:208

msgid "None"

msgstr "Aucune"

#. type: Content of: <sect1><sect2><segmentedlist><seglistitem><seg>

#: blfs-en/postlfs/security/cacerts.xml:209

msgid "/etc/ssl/{certs,java,local} and /etc/pki/{nssdb,anchors}"

msgstr "/etc/ssl/{certs,java,local} et /etc/pki/{nssdb,anchors}"

#. type: Content of: <sect1><sect2><variablelist><bridgehead>

#: blfs-en/postlfs/security/cacerts.xml:214

msgid "Short Descriptions"

msgstr "Descriptions courtes"

#. type: Content of: <sect1><sect2><variablelist><varlistentry><term>

#: blfs-en/postlfs/security/cacerts.xml:219

msgid "<command>make-ca</command>"

msgstr "<command>make-ca</command>"

#. type: Content of:

#. <sect1><sect2><variablelist><varlistentry><listitem><para>

#: blfs-en/postlfs/security/cacerts.xml:221

msgid ""

"is a shell script that adapts a current version of "

"<filename>certdata.txt</filename>, and prepares it for use as the system "

"certificate store."

msgstr ""

"est un script shell qui adapte une version actuelle de "

"<filename>certdata.txt</filename> et le prépare pour l'utiliser comme "

"magasin de certificat du système."

#~ msgid "Required"

#~ msgstr "Requises"

#~ msgid "<xref linkend=\"openssl\"/>"

#~ msgstr "<xref linkend=\"openssl\"/>"

#~ msgid "32 KB"

#~ msgstr "32 Ko"

#~ msgid "25033ded9dd0979226b8f3fd2792bd3a"

#~ msgstr "25033ded9dd0979226b8f3fd2792bd3a"

#~ msgid "&sources-anduin-http;/other/certdata.txt"

#~ msgstr "&sources-anduin-http;/other/certdata.txt"

#~ msgid "1.6 MB"

#~ msgstr "1.6 Mo"

#~ msgid "&sources-anduin-http;/other/make-ca.sh-&make-ca-version;"

#~ msgstr "&sources-anduin-http;/other/make-ca.sh-&make-ca-version;"

#~ msgid "24 KB"

#~ msgstr "24 Ko"

#~ msgid "a21a04d6ff5c4645c748220dbaa9f221"

#~ msgstr "a21a04d6ff5c4645c748220dbaa9f221"

#~ msgid "Additional Downloads"

#~ msgstr "Téléchargements supplémentaires"

#~ msgid "CA Certificates <ulink url=\"&ca-bundle-download;\"/>"

#~ msgstr "Certificats de CA <ulink url=\"&ca-bundle-download;\"/>"

#~ msgid ""

#~ "<userinput>install -vm755 make-ca.sh-&make-ca-version; /usr/sbin/make-"

#~ "ca.sh</userinput>"

#~ msgstr ""

#~ "<userinput>install -vm755 make-ca.sh-&make-ca-version; /usr/sbin/make-"

#~ "ca.sh</userinput>"

#~ msgid ""

#~ "You should periodically download a copy of <filename>certdata.txt</filename>"

#~ " and run the <application>make-ca.sh</application> script (as the "

#~ "<systemitem class=\"username\">root</systemitem> user), or as part of a "

#~ "monthly <application>cron</application> job to ensure that you have the "

#~ "latest available version of the certificates."

#~ msgstr ""

#~ "Vous devriez télécharger régulièrement une copie de "

#~ "<filename>certdata.txt</filename> et lancer le script <application>make-"

#~ "ca.sh</application> (en tant qu'utilisateur <systemitem "

#~ "class=\"username\">root</systemitem>), ou en tant que tâche "

#~ "<application>cron</application> mensuelle pour vous assurer d'avoir la "

#~ "dernière version disponible des certificats."

#~ msgid "make-ca.sh"

#~ msgstr "make-ca.sh"

#~ msgid "b42fd97c173ef67a37fb05ed7587e0a8"

#~ msgstr "b42fd97c173ef67a37fb05ed7587e0a8"

#~ msgid "11 KB"

#~ msgstr "11 Ko"

#~ msgid "cce9fa4713c4611d9e61f99de612a1e9"

#~ msgstr "cce9fa4713c4611d9e61f99de612a1e9"

#~ msgid "5e41c17a3dd6b8195c55092e87e92ef0"

#~ msgstr "5e41c17a3dd6b8195c55092e87e92ef0"

#~ msgid "fca9ae62242800a9dcaee5d400ee5c41"

#~ msgstr "fca9ae62242800a9dcaee5d400ee5c41"

#~ msgid "9e416981cd153d8923e06dc8e39ac534"

#~ msgstr "9e416981cd153d8923e06dc8e39ac534"

#~ msgid "65c6cbbb11e6d124b047f4aa0dcb2808"

#~ msgstr "65c6cbbb11e6d124b047f4aa0dcb2808"

#~ msgid "fbc5687ce7fd5533edbb4e616a1080de"

#~ msgstr "fbc5687ce7fd5533edbb4e616a1080de"

#~ msgid "487ca7ce6f7b81b3e46362138f93310c"

#~ msgstr "487ca7ce6f7b81b3e46362138f93310c"

#~ msgid "1.4 MB"

#~ msgstr "1.4 Mo"

#~ msgid "0.1 SBU"

#~ msgstr "0.1 SBU"

#~ msgid ""

#~ "The Public Key Infrastructure is used for many security features in a Linux "

#~ "system.  In order for a certificate to be trusted, it must be signed by a "

#~ "trusted agent called a Certificate Authority (CA). The certificates "

#~ "installed in this section are obtained from the Mozilla version control "

#~ "system, and reformatted for use by <xref linkend='openssl'/> and <xref "

#~ "linkend='gnutls'/>. The certificates can also be used by other applications,"

#~ " either directly or indirectly by linking to one of these packages."

#~ msgstr ""

#~ "La <foreignphrase>Public Key Infrastructure</foreignphrase> (infrastructure "

#~ "de clés publiques) est utilisée dans de nombreux cas de sécurité sur un "

#~ "système Linux. Pour qu'un certificat soit fiable, il doit être signé par un "

#~ "agent de confiance, qu'on appelle l'autorité de certification "

#~ "(<foreignphrase>Certificate Authority</foreignphrase>) (CA).  Les "

#~ "certificats chargés dans cette section sont issus de la liste du système de "

#~ "contrôle de Mozilla et elle est formatée dans une forme utilisée par <xref "

#~ "linkend=\"openssl\"/> et <xref linkend='gnutls'/>.  Les certificats peuvent "

#~ "également être utilisés par d'autres applications, directement ou "

#~ "indirectement via <application>openssl</application>."

#~ msgid ""

#~ "The <application>make-ca.sh</application> script will download a set of "

#~ "certificates from one of five projects (aurora, beta, central, nss, or "

#~ "release) in the Mozialla version control system. It defaults to the release "

#~ "branch, which is identical to the version that ships with the Mozilla "

#~ "products in this book. If you'd like to change the branch that is retrieved,"

#~ " edit the file and set <envar>CERTSOURCE</envar> to one of the five values "

#~ "above."

#~ msgstr ""

#~ "Le script <application>make-ca.sh</application> téléchargement un ensemble "

#~ "de certificats depuis l'un des cinq projets (aurora, beta, central, nss ou "

#~ "release) du système de contrôle de version de Mozilla. Il est réglé par "

#~ "défaut sur la branche release, qui est identique à la version qui vient avec"

#~ " les produits Mozilla de ce livre. Si vous préférez changer la branche qui "

#~ "est récupérée, modifiez le fichier et mettez <envar>CERTSOURCE</envar> à "

#~ "l'une des cinq valeurs ci-dessus."

#~ msgid ""

#~ "Additionally, any local certificates stored in "

#~ "<filename>/etc/ssl/local</filename> will be copied into both the single-file"

#~ " <filename>/etc/ssl/ca-bundle.crt</filename> (used by programs that link to "

#~ "<application>gnutls</application>), and into the certificate store directory"

#~ " <filename>/etc/ssl/certs</filename> (used by programs that link to "

#~ "<application>OpenSSL</application>). All certificates will pass a date and "

#~ "trust validation, and any existing certificates in <filename>/etc/ssl/ca-"

#~ "bundle.crt</filename> or <filename>/etc/ssl/certs</filename> will be removed"

#~ " upon successful completion of this script."

#~ msgstr ""

#~ "De plus, tout certificat local stocké dans "

#~ "<filename>/etc/ssl/local</filename> sera copié dans le fichier "

#~ "<filename>/etc/ssl/ca-bundle.crt</filename> (utilisé par les programmes qui "

#~ "se lient à <application>gnutls</application>) et dans le répertoire du "

#~ "magasin de certificats <filename>/etc/ssl/certs</filename> (utilisé par les "

#~ "programmes qui se lient à <application>OpenSSL</application>). Tous les "

#~ "certificats passeront un test de validation de leur date et de leur "

#~ "confiance, et tout certificat existant dans <filename>/etc/ssl/ca-"

#~ "bundle.crt</filename> ou <filename>/etc/ssl-certs</filename> sera supprimé à"

#~ " la fin de ce script si tout va bien."

#~ msgid ""

#~ "Finally, if you've installed <xref linkend=\"java\"/> or <xref "

#~ "linkend=\"openjdk\"/>, then it will also update the java cacerts file at "

#~ "<filename>/etc/ssl/java/cacerts</filename>."

#~ msgstr ""

#~ "Enfin, si vous avez installé <xref linkend=\"java\"/> ou <xref "

#~ "linkend=\"openjdk\"/>, il mettra aussi à jour le fichier cacerts de java "

#~ "dans <filename>/etc/ssl/java/cacerts</filename>."

#~ msgid ""

#~ "<userinput>install -vdm755 /etc/ssl/{certs,java,local} &amp;&amp;\n"

#~ "/usr/sbin/make-ca.sh\n"

#~ "</userinput>"

#~ msgstr ""

#~ "<userinput>install -vdm755 /etc/ssl/{certs,java,local} &amp;&amp;\n"

#~ "/usr/sbin/make-ca.sh\n"

#~ "</userinput>"

#~ msgid "/mozilla/source/security/nss/lib/ckfw/builtins"

#~ msgstr "/mozilla/source/security/nss/lib/ckfw/builtins"

#~ msgid "6 MB"

#~ msgstr "6 Mo"

#~ msgid ""

#~ "The certfile.txt file above is actually retrieved from <ulink "

#~ "url=\"https://hg.mozilla.org/releases/mozilla-"

#~ "release/file/default/security/nss/lib/ckfw/builtins/certdata.txt\"/>.  It is"

#~ " really an HTML file, but the text file can be retrieved indirectly from the"

#~ " HTML file.  The Download URL above automates that process and also adds a "

#~ "line where the date can be extracted as a revision number by the scripts "

#~ "below."

#~ msgstr ""

#~ "Le fichier certfile.txt dessous est en fait récupéré depuis <ulink "

#~ "url=\"https://hg.mozilla.org/releases/mozilla-"

#~ "release/file/default/security/nss/lib/ckfw/builtins/certdata.txt\"/>.  C'est"

#~ " en fait un fichier HTML, mais le fichier texte peut être pris indirectement"

#~ " depuis le fichier HTML. L'URL dessous automatise ce processus et ajoute "

#~ "aussi une ligne où la date peut être extraite en tant que numéro de révision"

#~ " par le script."

#~ msgid "Recommended"

#~ msgstr "Recommandées"

#~ msgid ""

#~ "<userinput>cat > /usr/bin/make-cert.pl &lt;&lt; \"EOF\"\n"

#~ "<literal>#!/usr/bin/perl -w\n"

#~ "\n"

#~ "# Used to generate PEM encoded files from Mozilla certdata.txt.\n"

#~ "# Run as ./make-cert.pl > certificate.crt\n"

#~ "#\n"

#~ "# Parts of this script courtesy of RedHat (mkcabundle.pl)\n"

#~ "#\n"

#~ "# This script modified for use with single file data (tempfile.cer) extracted\n"

#~ "# from certdata.txt, taken from the latest version in the Mozilla NSS source.\n"

#~ "# mozilla/security/nss/lib/ckfw/builtins/certdata.txt\n"

#~ "#\n"

#~ "# Authors: DJ Lucas\n"

#~ "#          Bruce Dubbs\n"

#~ "#\n"

#~ "# Version 20120211\n"

#~ "\n"

#~ "my $certdata = './tempfile.cer';\n"

#~ "\n"

#~ "open( IN, \"cat $certdata|\" )\n"

#~ "    || die \"could not open $certdata\";\n"

#~ "\n"

#~ "my $incert = 0;\n"

#~ "\n"

#~ "while ( <IN> )\n"

#~ "{\n"

#~ "    if ( /^CKA_VALUE MULTILINE_OCTAL/ )\n"

#~ "    {\n"

#~ "        $incert = 1;\n"

#~ "        open( OUT, \"|openssl x509 -text -inform DER -fingerprint\" )\n"

#~ "            || die \"could not pipe to openssl x509\";\n"

#~ "    }\n"

#~ "\n"

#~ "    elsif ( /^END/ && $incert )\n"

#~ "    {\n"

#~ "        close( OUT );\n"

#~ "        $incert = 0;\n"

#~ "        print \"\\n\\n\";\n"

#~ "    }\n"

#~ "\n"

#~ "    elsif ($incert)\n"

#~ "    {\n"

#~ "        my @bs = split( /\\\\/ );\n"

#~ "        foreach my $b (@bs)\n"

#~ "        {\n"

#~ "            chomp $b;\n"

#~ "            printf( OUT \"%c\", oct($b) ) unless $b eq '';\n"

#~ "        }\n"

#~ "    }\n"

#~ "}</literal>\n"

#~ "EOF\n"

#~ "\n"

#~ "chmod +x /usr/bin/make-cert.pl</userinput>"

#~ msgstr ""

#~ "<userinput>cat > /usr/bin/make-cert.pl &lt;&lt; \"EOF\"\n"

#~ "<literal>#!/usr/bin/perl -w\n"

#~ "\n"

#~ "# Used to generate PEM encoded files from Mozilla certdata.txt.\n"

#~ "# Run as ./make-cert.pl > certificate.crt\n"

#~ "#\n"

#~ "# Parts of this script courtesy of RedHat (mkcabundle.pl)\n"

#~ "#\n"

#~ "# This script modified for use with single file data (tempfile.cer) extracted\n"

#~ "# from certdata.txt, taken from the latest version in the Mozilla NSS source.\n"

#~ "# mozilla/security/nss/lib/ckfw/builtins/certdata.txt\n"

#~ "#\n"

#~ "# Authors: DJ Lucas\n"

#~ "#          Bruce Dubbs\n"

#~ "#\n"

#~ "# Version 20120211\n"

#~ "\n"

#~ "my $certdata = './tempfile.cer';\n"

#~ "\n"

#~ "open( IN, \"cat $certdata|\" )\n"

#~ "    || die \"could not open $certdata\";\n"

#~ "\n"

#~ "my $incert = 0;\n"

#~ "\n"

#~ "while ( <IN> )\n"

#~ "{\n"

#~ "    if ( /^CKA_VALUE MULTILINE_OCTAL/ )\n"

#~ "    {\n"

#~ "        $incert = 1;\n"

#~ "        open( OUT, \"|openssl x509 -text -inform DER -fingerprint\" )\n"

#~ "            || die \"could not pipe to openssl x509\";\n"

#~ "    }\n"

#~ "\n"

#~ "    elsif ( /^END/ && $incert )\n"

#~ "    {\n"

#~ "        close( OUT );\n"

#~ "        $incert = 0;\n"

#~ "        print \"\\n\\n\";\n"

#~ "    }\n"

#~ "\n"

#~ "    elsif ($incert)\n"

#~ "    {\n"

#~ "        my @bs = split( /\\\\/ );\n"

#~ "        foreach my $b (@bs)\n"

#~ "        {\n"

#~ "            chomp $b;\n"

#~ "            printf( OUT \"%c\", oct($b) ) unless $b eq '';\n"

#~ "        }\n"

#~ "    }\n"

#~ "}</literal>\n"

#~ "EOF\n"

#~ "\n"

#~ "chmod +x /usr/bin/make-cert.pl</userinput>"

#~ msgid ""

#~ "The following script creates the certificates and a bundle of all the "

#~ "certificates.  It creates a <filename class='directory'>./certs</filename> "

#~ "directory and <filename>./BLFS-ca-bundle-${VERSION}.crt</filename>.  Again "

#~ "create this script as the <systemitem class=\"username\">root</systemitem> "

#~ "user:"

#~ msgstr ""

#~ "Le script suivant crée les certificats et un bouquet de tous les "

#~ "certificats. Il crée un répertoire <filename "

#~ "class='directory'>./certs</filename> et <filename>./BLFS-ca-"

#~ "bundle-${VERSION}.crt</filename>.  Créez de nouveau ce script en tant "

#~ "qu'utilisateur <systemitem class=\"username\">root</systemitem>&nbsp;:"

#~ msgid ""

#~ "<userinput>cat > /usr/bin/make-ca.sh &lt;&lt; \"EOF\"\n"

#~ "<literal>#!/bin/sh\n"

#~ "# Begin make-ca.sh\n"

#~ "# Script to populate OpenSSL's CApath from a bundle of PEM formatted CAs\n"

#~ "#\n"

#~ "# The file certdata.txt must exist in the local directory\n"

#~ "# Version number is obtained from the version of the data.\n"

#~ "#\n"

#~ "# Authors: DJ Lucas\n"

#~ "#          Bruce Dubbs\n"

#~ "#\n"

#~ "# Version 20120211\n"

#~ "\n"

#~ "# Some data in the certs have UTF-8 characters\n"

#~ "export LANG=en_US.utf8\n"

#~ "\n"

#~ "certdata=\"certdata.txt\"\n"

#~ "\n"

#~ "if [ ! -r $certdata ]; then\n"

#~ "  echo \"$certdata must be in the local directory\"\n"

#~ "  exit 1\n"

#~ "fi\n"

#~ "\n"

#~ "REVISION=$(grep CVS_ID $certdata | cut -f4 -d'$')\n"

#~ "\n"

#~ "if [ -z \"${REVISION}\" ]; then\n"

#~ "  echo \"$certfile has no 'Revision' in CVS_ID\"\n"

#~ "  exit 1\n"

#~ "fi\n"

#~ "\n"

#~ "VERSION=$(echo $REVISION | cut -f2 -d\" \")\n"

#~ "\n"

#~ "TEMPDIR=$(mktemp -d)\n"

#~ "TRUSTATTRIBUTES=\"CKA_TRUST_SERVER_AUTH\"\n"

#~ "BUNDLE=\"BLFS-ca-bundle-${VERSION}.crt\"\n"

#~ "CONVERTSCRIPT=\"/usr/bin/make-cert.pl\"\n"

#~ "SSLDIR=\"/etc/ssl\"\n"

#~ "\n"

#~ "mkdir \"${TEMPDIR}/certs\"\n"

#~ "\n"

#~ "# Get a list of starting lines for each cert\n"

#~ "CERTBEGINLIST=$(grep -n \"^# Certificate\" \"${certdata}\" | cut -d \":\" -f1)\n"

#~ "\n"

#~ "# Get a list of ending lines for each cert\n"

#~ "CERTENDLIST=`grep -n \"^CKA_TRUST_STEP_UP_APPROVED\" \"${certdata}\" | cut -d \":\" -f 1`\n"

#~ "\n"

#~ "# Start a loop\n"

#~ "for certbegin in ${CERTBEGINLIST}; do\n"

#~ "  for certend in ${CERTENDLIST}; do\n"

#~ "    if test \"${certend}\" -gt \"${certbegin}\"; then\n"

#~ "      break\n"

#~ "    fi\n"

#~ "  done\n"

#~ "\n"

#~ "  # Dump to a temp file with the name of the file as the beginning line number\n"

#~ "  sed -n \"${certbegin},${certend}p\" \"${certdata}\" > \"${TEMPDIR}/certs/${certbegin}.tmp\"\n"

#~ "done\n"

#~ "\n"

#~ "unset CERTBEGINLIST CERTDATA CERTENDLIST certbegin certend\n"

#~ "\n"

#~ "mkdir -p certs\n"

#~ "rm -f certs/*      # Make sure the directory is clean\n"

#~ "\n"

#~ "for tempfile in ${TEMPDIR}/certs/*.tmp; do\n"

#~ "  # Make sure that the cert is trusted...\n"

#~ "  grep \"CKA_TRUST_SERVER_AUTH\" \"${tempfile}\" | \\\n"

#~ "    egrep \"TRUST_UNKNOWN|NOT_TRUSTED\" > /dev/null\n"

#~ "\n"

#~ "  if test \"${?}\" = \"0\"; then\n"

#~ "    # Throw a meaningful error and remove the file\n"

#~ "    cp \"${tempfile}\" tempfile.cer\n"

#~ "    perl ${CONVERTSCRIPT} > tempfile.crt\n"

#~ "    keyhash=$(openssl x509 -noout -in tempfile.crt -hash)\n"

#~ "    echo \"Certificate ${keyhash} is not trusted!  Removing...\"\n"

#~ "    rm -f tempfile.cer tempfile.crt \"${tempfile}\"\n"

#~ "    continue\n"

#~ "  fi\n"

#~ "\n"

#~ "  # If execution made it to here in the loop, the temp cert is trusted\n"

#~ "  # Find the cert data and generate a cert file for it\n"

#~ "\n"

#~ "  cp \"${tempfile}\" tempfile.cer\n"

#~ "  perl ${CONVERTSCRIPT} > tempfile.crt\n"

#~ "  keyhash=$(openssl x509 -noout -in tempfile.crt -hash)\n"

#~ "  mv tempfile.crt \"certs/${keyhash}.pem\"\n"

#~ "  rm -f tempfile.cer \"${tempfile}\"\n"

#~ "  echo \"Created ${keyhash}.pem\"\n"

#~ "done\n"

#~ "\n"

#~ "# Remove blacklisted files\n"

#~ "# MD5 Collision Proof of Concept CA\n"

#~ "if test -f certs/8f111d69.pem; then\n"

#~ "  echo \"Certificate 8f111d69 is not trusted!  Removing...\"\n"

#~ "  rm -f certs/8f111d69.pem\n"

#~ "fi\n"

#~ "\n"

#~ "# Finally, generate the bundle and clean up.\n"

#~ "cat certs/*.pem >  ${BUNDLE}\n"

#~ "rm -r \"${TEMPDIR}\"</literal>\n"

#~ "EOF\n"

#~ "\n"

#~ "chmod +x /usr/bin/make-ca.sh</userinput>"

#~ msgstr ""

#~ "<userinput>cat > /usr/bin/make-ca.sh &lt;&lt; \"EOF\"\n"

#~ "<literal>#!/bin/sh\n"

#~ "# Begin make-ca.sh\n"

#~ "# Script to populate OpenSSL's CApath from a bundle of PEM formatted CAs\n"

#~ "#\n"

#~ "# The file certdata.txt must exist in the local directory\n"

#~ "# Version number is obtained from the version of the data.\n"

#~ "#\n"

#~ "# Authors: DJ Lucas\n"

#~ "#          Bruce Dubbs\n"

#~ "#\n"

#~ "# Version 20120211\n"

#~ "\n"

#~ "# Some data in the certs have UTF-8 characters\n"

#~ "export LANG=en_US.utf8\n"

#~ "\n"

#~ "certdata=\"certdata.txt\"\n"

#~ "\n"

#~ "if [ ! -r $certdata ]; then\n"

#~ "  echo \"$certdata must be in the local directory\"\n"

#~ "  exit 1\n"

#~ "fi\n"

#~ "\n"

#~ "REVISION=$(grep CVS_ID $certdata | cut -f4 -d'$')\n"

#~ "\n"

#~ "if [ -z \"${REVISION}\" ]; then\n"

#~ "  echo \"$certfile has no 'Revision' in CVS_ID\"\n"

#~ "  exit 1\n"

#~ "fi\n"

#~ "\n"

#~ "VERSION=$(echo $REVISION | cut -f2 -d\" \")\n"

#~ "\n"

#~ "TEMPDIR=$(mktemp -d)\n"

#~ "TRUSTATTRIBUTES=\"CKA_TRUST_SERVER_AUTH\"\n"

#~ "BUNDLE=\"BLFS-ca-bundle-${VERSION}.crt\"\n"

#~ "CONVERTSCRIPT=\"/usr/bin/make-cert.pl\"\n"

#~ "SSLDIR=\"/etc/ssl\"\n"

#~ "\n"

#~ "mkdir \"${TEMPDIR}/certs\"\n"

#~ "\n"

#~ "# Get a list of starting lines for each cert\n"

#~ "CERTBEGINLIST=$(grep -n \"^# Certificate\" \"${certdata}\" | cut -d \":\" -f1)\n"

#~ "\n"

#~ "# Get a list of ending lines for each cert\n"

#~ "CERTENDLIST=`grep -n \"^CKA_TRUST_STEP_UP_APPROVED\" \"${certdata}\" | cut -d \":\" -f 1`\n"