Subversion Repositories svn LFS-FR

Rev

Rev 7558 | Rev 7598 | Go to most recent revision | Details | Compare with Previous | Last modification | View Log | RSS feed

Rev Author Line No. Line
7355 jlepiller 1
# SOME DESCRIPTIVE TITLE
2
# Copyright (C) YEAR Free Software Foundation, Inc.
3
# This file is distributed under the same license as the PACKAGE package.
4
# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
5
#
6
msgid ""
7
msgstr ""
8
"Project-Id-Version: PACKAGE VERSION\n"
7587 jlepiller 9
"POT-Creation-Date: 2018-09-02 09:15+0000\n"
7409 jlepiller 10
"PO-Revision-Date: 2018-04-06 09:36+0000\n"
7355 jlepiller 11
"Last-Translator: roptat <roptat@lepiller.eu>\n"
12
"Language-Team: LANGUAGE <LL@li.org>\n"
13
"Language: fr\n"
14
"MIME-Version: 1.0\n"
15
"Content-Type: text/plain; charset=UTF-8\n"
16
"Content-Transfer-Encoding: 8bit\n"
17
"Plural-Forms: nplurals=2; plural=(n > 1);\n"
18
"X-Generator: Pootle 2.8\n"
7409 jlepiller 19
"X-POOTLE-MTIME: 1523007366.387472\n"
7355 jlepiller 20
 
21
#. type: Content of the certhost entity
22
#: blfs-en/postlfs/security/make-ca.xml:7
23
msgid "https://hg.mozilla.org/"
24
msgstr "https://hg.mozilla.org/"
25
 
26
#. type: Content of the certpath entity
27
#: blfs-en/postlfs/security/make-ca.xml:8
28
msgid "/lib/ckfw/builtins/certdata.txt"
29
msgstr "/lib/ckfw/builtins/certdata.txt"
30
 
31
#. type: Content of the make-ca-buildsize entity
32
#: blfs-en/postlfs/security/make-ca.xml:9
33
msgid "6.6 MB (with all runtime deps)"
34
msgstr "6.6 Mo (avec toutes les dépendances à l'exécution)"
35
 
36
#. type: Content of the make-ca-time entity
37
#: blfs-en/postlfs/security/make-ca.xml:10
38
msgid "0.3 SBU (with all runtime deps)"
39
msgstr "0.3 SBU (avec toutes les dépendances à l'exécution)"
40
 
41
#. type: Content of the make-ca-download entity
42
#: blfs-en/postlfs/security/make-ca.xml:12
43
msgid ""
44
"https://github.com/djlucas/make-ca/archive/v&make-ca-version;/make-ca-&make-"
45
"ca-version;.tar.gz"
46
msgstr ""
47
"https://github.com/djlucas/make-ca/archive/v&make-ca-version;/make-ca-&make-"
48
"ca-version;.tar.gz"
49
 
50
#. type: Content of the make-ca-size entity
51
#: blfs-en/postlfs/security/make-ca.xml:13
52
msgid "36 KB"
53
msgstr "36 Ko"
54
 
55
#. type: Content of the make-ca-md5sum entity
56
#: blfs-en/postlfs/security/make-ca.xml:14
7465 jlepiller 57
msgid "1f0176c4fa89274971b2826a97f303f7"
58
msgstr "1f0176c4fa89274971b2826a97f303f7"
7355 jlepiller 59
 
60
#. type: Content of: <sect1><sect1info>
61
#: blfs-en/postlfs/security/make-ca.xml:21
62
msgid ""
7558 jlepiller 63
"<othername>$LastChangedBy: dj $</othername> <date>$Date: 2018-08-15 02:39:38"
64
" +0000 (Wed, 15 Aug 2018) $</date>"
7355 jlepiller 65
msgstr ""
7558 jlepiller 66
"<othername>$LastChangedBy: dj $</othername> <date>$Date: 2018-08-15 02:39:38"
67
" +0000 (Wed, 15 Aug 2018) $</date>"
7355 jlepiller 68
 
7360 jlepiller 69
#. type: Content of: <sect1><title>
70
#: blfs-en/postlfs/security/make-ca.xml:25
71
msgid "make-ca-&make-ca-version;"
72
msgstr "make-ca-&make-ca-version;"
73
 
7355 jlepiller 74
#. type: Content of:
75
#. <sect1><sect2><variablelist><varlistentry><listitem><indexterm><primary>
7360 jlepiller 76
#: blfs-en/postlfs/security/make-ca.xml:27
7465 jlepiller 77
#: blfs-en/postlfs/security/make-ca.xml:210
78
#: blfs-en/postlfs/security/make-ca.xml:228
7355 jlepiller 79
msgid "make-ca"
80
msgstr "make-ca"
81
 
7360 jlepiller 82
#. type: Content of: <sect1><sect2><title>
83
#: blfs-en/postlfs/security/make-ca.xml:31
84
msgid "Introduction to make-ca"
85
msgstr "Introduction à make-ca"
86
 
87
#. type: Content of: <sect1><sect2><para>
88
#: blfs-en/postlfs/security/make-ca.xml:34
7355 jlepiller 89
msgid ""
90
"Public Key Infrastructure (PKI) is a method to validate the authenticity of "
91
"an otherwise unknown entity across untrusted networks. PKI works by "
92
"establishing a chain of trust, rather than trusting each individual host or "
93
"entity explicitly. In order for a certificate presented by a remote entity "
94
"to be trusted, that certificate must present a complete chain of "
95
"certificates that can be validated using the root certificate of a "
96
"Certificate Authority (CA) that is trusted by the local machine."
97
msgstr ""
98
"Une Infrastructure à Clés Publiques (PKI) est une méthode pour valider "
99
"l'authenticité d'une entité autrement inconnue au travers de réseaux qui ne "
100
"sont pas de confiance. La PKI fonctionne en établissant une chaîne de "
101
"confiance, plutôt que de faire confiance individuellement à chaque hôte ou "
102
"entité de manière explicite. Pour qu'un certificat présenté par une entité "
103
"distante soit reconnu, le certificat doit présenter une chaîne complète de "
104
"certificats qui peuvent être validé en utilisant le certificat racine d'une "
105
"autorité de certification (CA) en laquelle la machine locale a confiance."
106
 
7360 jlepiller 107
#. type: Content of: <sect1><sect2><para>
108
#: blfs-en/postlfs/security/make-ca.xml:44
7355 jlepiller 109
msgid ""
110
"Establishing trust with a CA involves validating things like company "
111
"address, ownership, contact information, etc., and ensuring that the CA has "
112
"followed best practices, such as undergoing periodic security audits by "
113
"independent investigators and maintaining an always available certificate "
114
"revocation list. This is well outside the scope of BLFS (as it is for most "
115
"Linux distributions). The certificate store provided here is taken from the "
116
"Mozilla Foundation, who have established very strict inclusion policies "
117
"described <ulink url=\"https://www.mozilla.org/en-"
118
"US/about/governance/policies/security-group/certs/\">here</ulink>."
119
msgstr ""
120
"L'établissement de la confiance avec une CA nécessite de valider des choses "
121
"comme l'adresse de la compagnie, la propriété, les informations de contact, "
122
"etc, et de s'assurer que la CA a suivi les bonnes pratiques, comme des "
123
"audits de sécurité périodiques par des enquêteurs indépendants et le "
124
"maintient d'une liste de révocation de certificats toujours disponible. Ceci"
125
" est bien au delà de la portée de BLFS (comme pour la plupart des "
126
"distributions Linux). Le magasin de certificats fournit ici est emprunté à "
127
"la fondation Mozilla, qui ont établit une politique d'inclusion très stricte"
128
" décrite <ulink url=\"https://www.mozilla.org/en-"
129
"US/about/governance/policies/security-group/certs/\">ici</ulink>."
130
 
131
#. type: Content of: <sect1><sect2><bridgehead>
7360 jlepiller 132
#: blfs-en/postlfs/security/make-ca.xml:57
7355 jlepiller 133
msgid "Package Information"
134
msgstr "Informations sur le paquet"
135
 
136
#. type: Content of: <sect1><sect2><itemizedlist><listitem><para>
7360 jlepiller 137
#: blfs-en/postlfs/security/make-ca.xml:60
7355 jlepiller 138
msgid "Download (HTTP): <ulink url=\"&make-ca-download;\"/>"
139
msgstr "Téléchargement (HTTP)&nbsp;: <ulink url=\"&make-ca-download;\"/>"
140
 
141
#. type: Content of: <sect1><sect2><itemizedlist><listitem><para>
7360 jlepiller 142
#: blfs-en/postlfs/security/make-ca.xml:63
7355 jlepiller 143
msgid "Download size: &make-ca-size;"
144
msgstr "Taille du téléchargement&nbsp;: &make-ca-size;"
145
 
146
#. type: Content of: <sect1><sect2><itemizedlist><listitem><para>
7360 jlepiller 147
#: blfs-en/postlfs/security/make-ca.xml:66
7355 jlepiller 148
msgid "Download MD5 Sum: &make-ca-md5sum;"
149
msgstr "Somme MD5 du téléchargement&nbsp;: &make-ca-md5sum;"
150
 
151
#. type: Content of: <sect1><sect2><itemizedlist><listitem><para>
7360 jlepiller 152
#: blfs-en/postlfs/security/make-ca.xml:69
7355 jlepiller 153
msgid "Estimated disk space required: &make-ca-buildsize;"
154
msgstr "Estimation de l'espace disque requis&nbsp;: &make-ca-buildsize;"
155
 
156
#. type: Content of: <sect1><sect2><itemizedlist><listitem><para>
7360 jlepiller 157
#: blfs-en/postlfs/security/make-ca.xml:72
7355 jlepiller 158
msgid "Estimated build time: &make-ca-time;"
159
msgstr "Estimation du temps de construction&nbsp;: &make-ca-time;"
160
 
161
#. type: Content of: <sect1><sect2><bridgehead>
7360 jlepiller 162
#: blfs-en/postlfs/security/make-ca.xml:76
7355 jlepiller 163
msgid "make-ca Dependencies"
164
msgstr "Dépendances de make-ca"
165
 
166
#. type: Content of: <sect1><sect2><bridgehead>
7360 jlepiller 167
#: blfs-en/postlfs/security/make-ca.xml:81
7355 jlepiller 168
msgid "Optional (runtime)"
169
msgstr "Facultatives (exécution)"
170
 
171
#. type: Content of: <sect1><sect2><para>
7360 jlepiller 172
#: blfs-en/postlfs/security/make-ca.xml:83
7355 jlepiller 173
msgid ""
174
"<xref role=\"runtime\" linkend=\"java\"/> or <xref role=\"runtime\" "
175
"linkend=\"openjdk\"/>, <xref role=\"runtime\" linkend=\"nss\"/>, and <xref "
176
"role=\"runtime\" linkend=\"p11-kit\"/>"
177
msgstr ""
178
"<xref role=\"runtime\" linkend=\"java\"/> ou <xref role=\"runtime\" "
179
"linkend=\"openjdk\"/>, <xref role=\"runtime\" linkend=\"nss\"/> et <xref "
180
"role=\"runtime\" linkend=\"p11-kit\"/>"
181
 
182
#. type: Content of: <sect1><sect2><para>
7360 jlepiller 183
#: blfs-en/postlfs/security/make-ca.xml:89
7355 jlepiller 184
msgid "User Notes: <ulink url='&blfs-wiki;/make-ca'/>"
185
msgstr "Notes utilisateur&nbsp;: <ulink url='&blfs-wiki;/make-ca'/>"
186
 
187
#. type: Content of: <sect1><sect2><title>
7360 jlepiller 188
#: blfs-en/postlfs/security/make-ca.xml:94
7355 jlepiller 189
msgid "Installation of make-ca"
190
msgstr "Installation de make-ca"
191
 
192
#. type: Content of: <sect1><sect2><para>
7360 jlepiller 193
#: blfs-en/postlfs/security/make-ca.xml:96
7355 jlepiller 194
msgid ""
195
"The <application>make-ca</application> script will download and process the "
196
"certificates included in the <filename>certdata.txt</filename> file for use "
197
"in multiple certificate stores (if the associated applications are present "
198
"on the system). Additionally, any local certificates stored in "
199
"<filename>/etc/ssl/local</filename> will be imported to the certificate "
200
"stores. Certificates in this directory should be stored as PEM encoded "
201
"<application>OpenSSL</application> trusted certificates."
202
msgstr ""
203
"Le script <application>make-ca</application> adaptera les certificats inclus"
204
" dans le fichier <filename>certdata.txt</filename> pour l'utiliser dans de "
205
"multiples magasins de certificats (si les applications associées sont "
206
"présentes sur le système). De plus, tout certificat local stocké dans "
207
"<filename>/etc/ssl/local</filename> sera importé dans les magasins de "
208
"certificats. Les certificats de ce répertoire devraient être stockés sous "
209
"forme de certificats de confiance <application>OpenSSL</application> encodé "
210
"en PEM."
211
 
212
#. type: Content of: <sect1><sect2><para>
7360 jlepiller 213
#: blfs-en/postlfs/security/make-ca.xml:104
7355 jlepiller 214
msgid ""
215
"To create an <application>OpenSSL</application> trusted certificate from a "
216
"regular PEM encoded file, you need to add trust arguments to the "
217
"<command>openssl</command> command, and create a new certificate. There are "
218
"three trust types that are recognized by the <application>make-"
219
"ca</application> script, SSL/TLS, S/Mime, and code signing. For example, "
220
"using the <ulink url=\"http://www.cacert.org/\">CAcert</ulink> roots, if you"
221
" want to trust both for all three roles, the following commands will create "
222
"appropriate OpenSSL trusted certificates (run as the <systemitem "
223
"class=\"username\">root</systemitem> user):"
224
msgstr ""
225
"Pour créer un certificat de confiance <application>OpenSSL</application> "
226
"depuis un fichier normal encodé en PEM, vous devrez ajouter des arguments "
227
"«&nbsp;trust&nbsp;» à la commande <command>openssl</command> et créer un "
228
"nouveau certificat. Il y a trois types de confiances reconnues par le script"
229
" <application>make-ca</application>&nbsp;: SSL/TLS, S/Mime et la signature "
230
"de code. Par exemple, si vous souhaitez utiliser les racines <ulink "
231
"url=\"http://www.cacert.org/\">CAcert</ulink> pour que les deux soient de "
232
"confiance pour ces trois rôles, les commandes suivantes créeront des "
233
"certificats de confiance OpenSSL approprié (à lancer en tant qu'utilisateur "
234
"<systemitem class=\"username\">root</systemitem>)&nbsp;:"
235
 
236
#. type: Content of: <sect1><sect2><screen>
7360 jlepiller 237
#: blfs-en/postlfs/security/make-ca.xml:115
7355 jlepiller 238
#, no-wrap
239
msgid ""
240
"<userinput>install -vdm755 /etc/ssl/local &amp;&amp;\n"
241
"wget http://www.cacert.org/certs/root.crt &amp;&amp;\n"
242
"wget http://www.cacert.org/certs/class3.crt &amp;&amp;\n"
243
"openssl x509 -in root.crt -text -fingerprint -setalias \"CAcert Class 1 root\" \\\n"
244
"        -addtrust serverAuth -addtrust emailProtection -addtrust codeSigning \\\n"
245
"        > /etc/ssl/local/CAcert_Class_1_root.pem &amp;&amp;\n"
246
"openssl x509 -in class3.crt -text -fingerprint -setalias \"CAcert Class 3 root\" \\\n"
247
"        -addtrust serverAuth -addtrust emailProtection -addtrust codeSigning \\\n"
248
"        > /etc/ssl/local/CAcert_Class_3_root.pem</userinput>"
249
msgstr ""
250
"<userinput>install -vdm755 /etc/ssl/local &amp;&amp;\n"
251
"wget http://www.cacert.org/certs/root.crt &amp;&amp;\n"
252
"wget http://www.cacert.org/certs/class3.crt &amp;&amp;\n"
253
"openssl x509 -in root.crt -text -fingerprint -setalias \"CAcert Class 1 root\" \\\n"
254
"        -addtrust serverAuth -addtrust emailProtection -addtrust codeSigning \\\n"
255
"        > /etc/ssl/local/CAcert_Class_1_root.pem &amp;&amp;\n"
256
"openssl x509 -in class3.crt -text -fingerprint -setalias \"CAcert Class 3 root\" \\\n"
257
"        -addtrust serverAuth -addtrust emailProtection -addtrust codeSigning \\\n"
258
"        > /etc/ssl/local/CAcert_Class_3_root.pem</userinput>"
259
 
260
#. type: Content of: <sect1><sect2><para>
7360 jlepiller 261
#: blfs-en/postlfs/security/make-ca.xml:125
7355 jlepiller 262
msgid ""
263
"If one of the three trust arguments is omitted, the certificate is neither "
264
"trusted, nor rejected for that role. Clients that use "
265
"<application>OpenSSL</application> or <application>NSS</application> "
266
"encountering this certificate will present a warning to the user. Clients "
267
"using <application>GnuTLS</application> without "
268
"<application>p11-kit</application> support are not aware of trusted "
269
"certificates. To include this CA into the ca-bundle.crt (used for "
270
"<application>GnuTLS</application>), it must have <envar>serverAuth</envar> "
271
"trust. Additionally, to explicitly disallow a certificate for a particular "
272
"use, replace the <parameter>-addtrust</parameter> flag with the "
273
"<parameter>-addreject</parameter> flag."
274
msgstr ""
275
"Si un argument trust en omis, le certificat n'est ni reconnu ni rejeté pour "
276
"ce rôle. Les clients qui utilisent <application>OpenSSL</application> ou "
277
"<application>NSS</application> rencontrant ce certificat renverront un "
278
"avertissement à l'utilisateur . Les clients qui utilisent "
279
"<application>GnuTLS</application> sans le support de "
280
"<application>p11-kit</application> ne sont pas conscient des certificats de "
281
"confiance. Pour inclure cette CA dans le fichier ca-bundle.crt (utilisé par "
282
"<application>GnuTLS</application>), il doit avoir la confiance "
283
"<envar>serverAuth</envar>. De plus, pour interdire un certificat pour une "
284
"utilisation particulière, remplacez le paramètre "
285
"<parameter>-addtrust</parameter> par le paramètre "
286
"<parameter>-addreject</parameter>."
287
 
288
#. type: Content of: <sect1><sect2><para>
7360 jlepiller 289
#: blfs-en/postlfs/security/make-ca.xml:137
7355 jlepiller 290
msgid ""
291
"To install the various certificate stores, first install the "
292
"<application>make-ca</application> script into the correct location.  As the"
293
" <systemitem class=\"username\">root</systemitem> user:"
294
msgstr ""
295
"Pour installer les divers magasins de certificats, installez le script "
296
"<application>make-ca</application> au bon endroit. En tant qu'utilisateur "
297
"<systemitem class=\"username\">root</systemitem>&nbsp;:"
298
 
299
#. type: Content of: <sect1><sect2><screen>
7360 jlepiller 300
#: blfs-en/postlfs/security/make-ca.xml:141
7355 jlepiller 301
#, no-wrap
302
msgid "<userinput>make install</userinput>"
303
msgstr "<userinput>make install</userinput>"
304
 
305
#. type: Content of: <sect1><sect2><para>
7360 jlepiller 306
#: blfs-en/postlfs/security/make-ca.xml:143
7355 jlepiller 307
msgid ""
308
"As the <systemitem class=\"username\">root</systemitem> user, download and "
309
"update the certificate stores with the following command:"
310
msgstr ""
311
"En tant qu'utilisateur <systemitem class=\"username\">root</systemitem>, "
312
"téléchargez et mettez à jour le magasin de certificats avec la commande "
313
"suivante&nbsp;:"
314
 
315
#. type: Content of: <sect1><sect2><note><para>
7360 jlepiller 316
#: blfs-en/postlfs/security/make-ca.xml:147
7355 jlepiller 317
msgid ""
318
"If running the script a second time with the same version of "
319
"<filename>certdata.txt</filename>, for instance, to add additional stores as"
320
" the requisite software is installed, add the <parameter>-f</parameter> "
321
"switch to the command line. If packaging, run <command>make-ca "
322
"--help</command> to see all available command line options."
323
msgstr ""
324
"Si vous lancez le script une deuxième fois avec la même version de "
325
"<filename>certdata.txt</filename>, par exemple pour ajouter des magasins "
326
"supplémentaires parce que le logiciel requis est installé, ajoutez l'option "
327
"<parameter>-f</parameter> à la ligne  de commande. Si vous créez un paquet, "
328
"lancez <command>make-ca --help</command> pour voir toutes les options de la "
329
"ligne de commande disponibles."
330
 
331
#. type: Content of: <sect1><sect2><screen>
7360 jlepiller 332
#: blfs-en/postlfs/security/make-ca.xml:154
7355 jlepiller 333
#, no-wrap
7465 jlepiller 334
msgid "<userinput>/usr/sbin/make-ca -g</userinput>"
335
msgstr "<userinput>/usr/sbin/make-ca -g</userinput>"
7355 jlepiller 336
 
337
#. type: Content of: <sect1><sect2><para>
7465 jlepiller 338
#: blfs-en/postlfs/security/make-ca.xml:156
7355 jlepiller 339
msgid ""
340
"You should periodically update the store with the above command either "
341
"manually, or via a <phrase revision=\"sysv\">cron job.</phrase> <phrase "
342
"revision=\"systemd\">systemd timer. A timer is installed at "
343
"<filename>/etc/systemd/system/update-pki.timer</filename> that, if enabled, "
344
"will check for updates weekly.</phrase>"
345
msgstr ""
346
"Vous devriez mettre à jour régulièrement le magasin avec la commande ci-"
347
"dessus soit manuellement, soit via <phrase revision=\"sysv\">une tâche "
348
"cron.</phrase><phrase revision=\"systemd\">un timer systemd. Un timer est "
349
"installé dans <filename>/etc/systemd/system/update-pki.timer</filename> et "
350
"s'il est activé, il vérifiera les mises à jour une fois par "
351
"semaine.</phrase>"
352
 
353
#. type: Content of: <sect1><sect2><para>
7465 jlepiller 354
#: blfs-en/postlfs/security/make-ca.xml:162
7355 jlepiller 355
msgid ""
356
"The default <filename>certdata.txt</filename> file provided by make-ca is "
357
"obtained from the mozilla-release branch, and is modified to provide a "
358
"Mercurial revision. This will be the correct version for most systems. There"
359
" are, however, several other variants of the file available for use that "
360
"might be preferred for one reason or another, including the files shipped "
361
"with Mozilla products in this book. RedHat and OpenSUSE, for instance, use "
362
"the version included in <xref linkend=\"nss\"/>. Additional upstream "
363
"downloads are available at the links below."
364
msgstr ""
365
"Le fichier <filename>certdata.txt</filename> fournit par make-ca est obtenu "
366
"à partir de la branche mozilla-release, et est modifié pour fournir une "
367
"simple révision horodatée. Ce sera la bonne version pour la plupart des "
368
"systèmes. Il y a cependant plusieurs variantes du fichier disponibles à "
369
"l'utilisation qui peuvent être préférés pour une raison ou une autre, "
370
"incluses dans les produits Mozilla dans ce livre. RedHat et OpenSUSE par "
371
"exemple utilisent la version incluse dans <xref linkend=\"nss\"/>. Des "
372
"emplacements de téléchargement supplémentaires sont disponibles&nbsp;:"
373
 
374
#. type: Content of: <sect1><sect2><itemizedlist><listitem><para>
7465 jlepiller 375
#: blfs-en/postlfs/security/make-ca.xml:173
7355 jlepiller 376
msgid ""
377
"Mozilla Release (the version provided by BLFS): <ulink "
378
"url=\"&certhost;releases/mozilla-release/raw-"
379
"file/default/security/nss&certpath;\"/>"
380
msgstr ""
381
"Mozilla Release (la version fournie par BLFS)&nbsp;: <ulink "
382
"url=\"&certhost;releases/mozilla-release/raw-"
383
"file/default/security/nss&certpath;\"/>"
384
 
385
#. type: Content of: <sect1><sect2><itemizedlist><listitem><para>
7465 jlepiller 386
#: blfs-en/postlfs/security/make-ca.xml:178
7355 jlepiller 387
msgid ""
388
"NSS (this is the latest available version): <ulink "
389
"url=\"&certhost;projects/nss/raw-file/tip&certpath;\"/>"
390
msgstr ""
391
"NSS (c'est la dernière version disponible)&nbsp;: <ulink "
392
"url=\"&certhost;projects/nss/raw-file/tip&certpath;\"/>"
393
 
394
#. type: Content of: <sect1><sect2><itemizedlist><listitem><para>
7465 jlepiller 395
#: blfs-en/postlfs/security/make-ca.xml:183
7355 jlepiller 396
msgid ""
397
"Mozilla Central: <ulink url=\"&certhost;mozilla-central/raw-"
398
"file/default/security/nss&certpath;\"/>"
399
msgstr ""
400
"Mozilla Central&nbsp;: <ulink url=\"&certhost;mozilla-central/raw-"
401
"file/default/security/nss&certpath;\"/>"
402
 
403
#. type: Content of: <sect1><sect2><itemizedlist><listitem><para>
7465 jlepiller 404
#: blfs-en/postlfs/security/make-ca.xml:188
7355 jlepiller 405
msgid ""
406
"Mozilla Beta: <ulink url=\"&certhost;releases/mozilla-beta/raw-"
407
"file/default/security/nss&certpath;\"/>"
408
msgstr ""
409
"Mozilla Beta&nbsp;: <ulink url=\"&certhost;releases/mozilla-beta/raw-"
410
"file/default/security/nss&certpath;\"/>"
411
 
412
#. type: Content of: <sect1><sect2><itemizedlist><listitem><para>
7465 jlepiller 413
#: blfs-en/postlfs/security/make-ca.xml:193
7355 jlepiller 414
msgid ""
415
"Mozilla Aurora: <ulink url=\"&certhost;releases/mozilla-aurora/raw-"
416
"file/default/security/nss&certpath;\"/>"
417
msgstr ""
418
"Mozilla Aurora&nbsp;: <ulink url=\"&certhost;releases/mozilla-aurora/raw-"
419
"file/default/security/nss&certpath;\"/>"
420
 
421
#. type: Content of: <sect1><sect2><title>
7465 jlepiller 422
#: blfs-en/postlfs/security/make-ca.xml:202
7355 jlepiller 423
msgid "Contents"
424
msgstr "Contenu"
425
 
426
#. type: Content of: <sect1><sect2><segmentedlist><segtitle>
7465 jlepiller 427
#: blfs-en/postlfs/security/make-ca.xml:205
7355 jlepiller 428
msgid "Installed Programs"
429
msgstr "Programmes installés"
430
 
431
#. type: Content of: <sect1><sect2><segmentedlist><segtitle>
7465 jlepiller 432
#: blfs-en/postlfs/security/make-ca.xml:206
7355 jlepiller 433
msgid "Installed Libraries"
434
msgstr "Bibliothèques installées"
435
 
436
#. type: Content of: <sect1><sect2><segmentedlist><segtitle>
7465 jlepiller 437
#: blfs-en/postlfs/security/make-ca.xml:207
7355 jlepiller 438
msgid "Installed Directories"
439
msgstr "Répertoires installés"
440
 
441
#. type: Content of: <sect1><sect2><segmentedlist><seglistitem><seg>
7465 jlepiller 442
#: blfs-en/postlfs/security/make-ca.xml:211
7355 jlepiller 443
msgid "None"
444
msgstr "Aucune"
445
 
446
#. type: Content of: <sect1><sect2><segmentedlist><seglistitem><seg>
7465 jlepiller 447
#: blfs-en/postlfs/security/make-ca.xml:212
7355 jlepiller 448
msgid "/etc/ssl/{certs,java,local} and /etc/pki/{nssdb,anchors}"
449
msgstr "/etc/ssl/{certs,java,local} et /etc/pki/{nssdb,anchors}"
450
 
451
#. type: Content of: <sect1><sect2><variablelist><bridgehead>
7465 jlepiller 452
#: blfs-en/postlfs/security/make-ca.xml:217
7355 jlepiller 453
msgid "Short Descriptions"
454
msgstr "Descriptions courtes"
455
 
456
#. type: Content of: <sect1><sect2><variablelist><varlistentry><term>
7465 jlepiller 457
#: blfs-en/postlfs/security/make-ca.xml:222
7355 jlepiller 458
msgid "<command>make-ca</command>"
459
msgstr "<command>make-ca</command>"
460
 
461
#. type: Content of:
462
#. <sect1><sect2><variablelist><varlistentry><listitem><para>
7465 jlepiller 463
#: blfs-en/postlfs/security/make-ca.xml:224
7355 jlepiller 464
msgid ""
465
"is a shell script that adapts a current version of "
466
"<filename>certdata.txt</filename>, and prepares it for use as the system "
467
"certificate store."
468
msgstr ""
469
"est un script shell qui adapte une version actuelle de "
470
"<filename>certdata.txt</filename> et le prépare pour l'utiliser comme "
471
"magasin de certificat du système."
472
 
7465 jlepiller 473
#~ msgid "4f180b9bf3b11f29d6a79e6022aeae23"
474
#~ msgstr "4f180b9bf3b11f29d6a79e6022aeae23"
7409 jlepiller 475
 
7465 jlepiller 476
#~ msgid ""
477
#~ "<userinput>sed -e 's%= /etc/ssl;%= \"/etc/ssl\";%' \\\n"
478
#~ "    -e 's%= /usr;%= \"/usr\";%'         \\\n"
479
#~ "    -i /usr/bin/c_rehash              &amp;&amp;\n"
480
#~ "/usr/sbin/make-ca -g</userinput>"
481
#~ msgstr ""
482
#~ "<userinput>sed -e 's%= /etc/ssl;%= \"/etc/ssl\";%' \\\n"
483
#~ "    -e 's%= /usr;%= \"/usr\";%'         \\\n"
484
#~ "    -i /usr/bin/c_rehash              &amp;&amp;\n"
485
#~ "/usr/sbin/make-ca -g</userinput>"
486
 
487
#~ msgid ""
488
#~ "The <command>sed</command> command works around missing quotes in "
489
#~ "<command>c_rehash</command> from openssl-1.1.0h and can be safely rerun (the"
490
#~ " \" inserted the first time will prevent matches on subsequent runs)."
491
#~ msgstr ""
492
#~ "La commande <command>sed</command> contourne le manque de guillemets dans "
493
#~ "<command>c_rehash</command> d'openssl-1.1.0h et peut être relancé sans "
494
#~ "problème (le \" inséré la première fois évitera une correspondance sur les "
495
#~ "lancements suivants)."
496
 
7355 jlepiller 497
#~ msgid "Certificate Authority Certificates"
498
#~ msgstr "Certificats d'autorité de certification"
499
 
500
#~ msgid "Certificate Authority Certificates Dependencies"
501
#~ msgstr "Dépendances de Certificate Authority Certificates"
502
 
503
#~ msgid "Installation of Certificate Authority Certificates"
504
#~ msgstr "Installation de Certificate Authority Certificates"
505
 
506
#~ msgid "851f9e267f343c54db8caa87ec5b3d75"
507
#~ msgstr "851f9e267f343c54db8caa87ec5b3d75"
508
 
509
#~ msgid "Required"
510
#~ msgstr "Requises"
511
 
512
#~ msgid "<xref linkend=\"openssl\"/>"
513
#~ msgstr "<xref linkend=\"openssl\"/>"
514
 
515
#~ msgid "32 KB"
516
#~ msgstr "32 Ko"
517
 
518
#~ msgid "25033ded9dd0979226b8f3fd2792bd3a"
519
#~ msgstr "25033ded9dd0979226b8f3fd2792bd3a"
520
 
521
#~ msgid "&sources-anduin-http;/other/certdata.txt"
522
#~ msgstr "&sources-anduin-http;/other/certdata.txt"
523
 
524
#~ msgid "1.6 MB"
525
#~ msgstr "1.6 Mo"
526
 
527
#~ msgid "24 KB"
528
#~ msgstr "24 Ko"
529
 
530
#~ msgid "a21a04d6ff5c4645c748220dbaa9f221"
531
#~ msgstr "a21a04d6ff5c4645c748220dbaa9f221"
532
 
533
#~ msgid "Additional Downloads"
534
#~ msgstr "Téléchargements supplémentaires"
535
 
536
#~ msgid "CA Certificates <ulink url=\"&ca-bundle-download;\"/>"
537
#~ msgstr "Certificats de CA <ulink url=\"&ca-bundle-download;\"/>"
538
 
539
#~ msgid ""
540
#~ "<userinput>install -vm755 make-ca.sh-&make-ca-version; /usr/sbin/make-"
541
#~ "ca.sh</userinput>"
542
#~ msgstr ""
543
#~ "<userinput>install -vm755 make-ca.sh-&make-ca-version; /usr/sbin/make-"
544
#~ "ca.sh</userinput>"
545
 
546
#~ msgid ""
547
#~ "You should periodically download a copy of <filename>certdata.txt</filename>"
548
#~ " and run the <application>make-ca.sh</application> script (as the "
549
#~ "<systemitem class=\"username\">root</systemitem> user), or as part of a "
550
#~ "monthly <application>cron</application> job to ensure that you have the "
551
#~ "latest available version of the certificates."
552
#~ msgstr ""
553
#~ "Vous devriez télécharger régulièrement une copie de "
554
#~ "<filename>certdata.txt</filename> et lancer le script <application>make-"
555
#~ "ca.sh</application> (en tant qu'utilisateur <systemitem "
556
#~ "class=\"username\">root</systemitem>), ou en tant que tâche "
557
#~ "<application>cron</application> mensuelle pour vous assurer d'avoir la "
558
#~ "dernière version disponible des certificats."
559
 
560
#~ msgid "make-ca.sh"
561
#~ msgstr "make-ca.sh"
562
 
563
#~ msgid "b42fd97c173ef67a37fb05ed7587e0a8"
564
#~ msgstr "b42fd97c173ef67a37fb05ed7587e0a8"
565
 
566
#~ msgid "11 KB"
567
#~ msgstr "11 Ko"
568
 
569
#~ msgid "cce9fa4713c4611d9e61f99de612a1e9"
570
#~ msgstr "cce9fa4713c4611d9e61f99de612a1e9"
571
 
572
#~ msgid "5e41c17a3dd6b8195c55092e87e92ef0"
573
#~ msgstr "5e41c17a3dd6b8195c55092e87e92ef0"
574
 
575
#~ msgid "fca9ae62242800a9dcaee5d400ee5c41"
576
#~ msgstr "fca9ae62242800a9dcaee5d400ee5c41"
577
 
578
#~ msgid "9e416981cd153d8923e06dc8e39ac534"
579
#~ msgstr "9e416981cd153d8923e06dc8e39ac534"
580
 
581
#~ msgid "65c6cbbb11e6d124b047f4aa0dcb2808"
582
#~ msgstr "65c6cbbb11e6d124b047f4aa0dcb2808"
583
 
584
#~ msgid "fbc5687ce7fd5533edbb4e616a1080de"
585
#~ msgstr "fbc5687ce7fd5533edbb4e616a1080de"
586
 
587
#~ msgid "487ca7ce6f7b81b3e46362138f93310c"
588
#~ msgstr "487ca7ce6f7b81b3e46362138f93310c"
589
 
590
#~ msgid "1.4 MB"
591
#~ msgstr "1.4 Mo"
592
 
593
#~ msgid "0.1 SBU"
594
#~ msgstr "0.1 SBU"
595
 
596
#~ msgid ""
597
#~ "The Public Key Infrastructure is used for many security features in a Linux "
598
#~ "system.  In order for a certificate to be trusted, it must be signed by a "
599
#~ "trusted agent called a Certificate Authority (CA). The certificates "
600
#~ "installed in this section are obtained from the Mozilla version control "
601
#~ "system, and reformatted for use by <xref linkend='openssl'/> and <xref "
602
#~ "linkend='gnutls'/>. The certificates can also be used by other applications,"
603
#~ " either directly or indirectly by linking to one of these packages."
604
#~ msgstr ""
605
#~ "La <foreignphrase>Public Key Infrastructure</foreignphrase> (infrastructure "
606
#~ "de clés publiques) est utilisée dans de nombreux cas de sécurité sur un "
607
#~ "système Linux. Pour qu'un certificat soit fiable, il doit être signé par un "
608
#~ "agent de confiance, qu'on appelle l'autorité de certification "
609
#~ "(<foreignphrase>Certificate Authority</foreignphrase>) (CA).  Les "
610
#~ "certificats chargés dans cette section sont issus de la liste du système de "
611
#~ "contrôle de Mozilla et elle est formatée dans une forme utilisée par <xref "
612
#~ "linkend=\"openssl\"/> et <xref linkend='gnutls'/>.  Les certificats peuvent "
613
#~ "également être utilisés par d'autres applications, directement ou "
614
#~ "indirectement via <application>openssl</application>."
615
 
616
#~ msgid ""
617
#~ "The <application>make-ca.sh</application> script will download a set of "
618
#~ "certificates from one of five projects (aurora, beta, central, nss, or "
619
#~ "release) in the Mozialla version control system. It defaults to the release "
620
#~ "branch, which is identical to the version that ships with the Mozilla "
621
#~ "products in this book. If you'd like to change the branch that is retrieved,"
622
#~ " edit the file and set <envar>CERTSOURCE</envar> to one of the five values "
623
#~ "above."
624
#~ msgstr ""
625
#~ "Le script <application>make-ca.sh</application> téléchargement un ensemble "
626
#~ "de certificats depuis l'un des cinq projets (aurora, beta, central, nss ou "
627
#~ "release) du système de contrôle de version de Mozilla. Il est réglé par "
628
#~ "défaut sur la branche release, qui est identique à la version qui vient avec"
629
#~ " les produits Mozilla de ce livre. Si vous préférez changer la branche qui "
630
#~ "est récupérée, modifiez le fichier et mettez <envar>CERTSOURCE</envar> à "
631
#~ "l'une des cinq valeurs ci-dessus."
632
 
633
#~ msgid ""
634
#~ "Additionally, any local certificates stored in "
635
#~ "<filename>/etc/ssl/local</filename> will be copied into both the single-file"
636
#~ " <filename>/etc/ssl/ca-bundle.crt</filename> (used by programs that link to "
637
#~ "<application>gnutls</application>), and into the certificate store directory"
638
#~ " <filename>/etc/ssl/certs</filename> (used by programs that link to "
639
#~ "<application>OpenSSL</application>). All certificates will pass a date and "
640
#~ "trust validation, and any existing certificates in <filename>/etc/ssl/ca-"
641
#~ "bundle.crt</filename> or <filename>/etc/ssl/certs</filename> will be removed"
642
#~ " upon successful completion of this script."
643
#~ msgstr ""
644
#~ "De plus, tout certificat local stocké dans "
645
#~ "<filename>/etc/ssl/local</filename> sera copié dans le fichier "
646
#~ "<filename>/etc/ssl/ca-bundle.crt</filename> (utilisé par les programmes qui "
647
#~ "se lient à <application>gnutls</application>) et dans le répertoire du "
648
#~ "magasin de certificats <filename>/etc/ssl/certs</filename> (utilisé par les "
649
#~ "programmes qui se lient à <application>OpenSSL</application>). Tous les "
650
#~ "certificats passeront un test de validation de leur date et de leur "
651
#~ "confiance, et tout certificat existant dans <filename>/etc/ssl/ca-"
652
#~ "bundle.crt</filename> ou <filename>/etc/ssl-certs</filename> sera supprimé à"
653
#~ " la fin de ce script si tout va bien."
654
 
655
#~ msgid ""
656
#~ "Finally, if you've installed <xref linkend=\"java\"/> or <xref "
657
#~ "linkend=\"openjdk\"/>, then it will also update the java cacerts file at "
658
#~ "<filename>/etc/ssl/java/cacerts</filename>."
659
#~ msgstr ""
660
#~ "Enfin, si vous avez installé <xref linkend=\"java\"/> ou <xref "
661
#~ "linkend=\"openjdk\"/>, il mettra aussi à jour le fichier cacerts de java "
662
#~ "dans <filename>/etc/ssl/java/cacerts</filename>."
663
 
664
#~ msgid ""
665
#~ "<userinput>install -vdm755 /etc/ssl/{certs,java,local} &amp;&amp;\n"
666
#~ "/usr/sbin/make-ca.sh\n"
667
#~ "</userinput>"
668
#~ msgstr ""
669
#~ "<userinput>install -vdm755 /etc/ssl/{certs,java,local} &amp;&amp;\n"
670
#~ "/usr/sbin/make-ca.sh\n"
671
#~ "</userinput>"
672
 
673
#~ msgid "/mozilla/source/security/nss/lib/ckfw/builtins"
674
#~ msgstr "/mozilla/source/security/nss/lib/ckfw/builtins"
675
 
676
#~ msgid "6 MB"
677
#~ msgstr "6 Mo"
678
 
679
#~ msgid ""
680
#~ "The certfile.txt file above is actually retrieved from <ulink "
681
#~ "url=\"https://hg.mozilla.org/releases/mozilla-"
682
#~ "release/file/default/security/nss/lib/ckfw/builtins/certdata.txt\"/>.  It is"
683
#~ " really an HTML file, but the text file can be retrieved indirectly from the"
684
#~ " HTML file.  The Download URL above automates that process and also adds a "
685
#~ "line where the date can be extracted as a revision number by the scripts "
686
#~ "below."
687
#~ msgstr ""
688
#~ "Le fichier certfile.txt dessous est en fait récupéré depuis <ulink "
689
#~ "url=\"https://hg.mozilla.org/releases/mozilla-"
690
#~ "release/file/default/security/nss/lib/ckfw/builtins/certdata.txt\"/>.  C'est"
691
#~ " en fait un fichier HTML, mais le fichier texte peut être pris indirectement"
692
#~ " depuis le fichier HTML. L'URL dessous automatise ce processus et ajoute "
693
#~ "aussi une ligne où la date peut être extraite en tant que numéro de révision"
694
#~ " par le script."
695
 
696
#~ msgid "Recommended"
697
#~ msgstr "Recommandées"
698
 
699
#~ msgid ""
700
#~ "<userinput>cat > /usr/bin/make-cert.pl &lt;&lt; \"EOF\"\n"
701
#~ "<literal>#!/usr/bin/perl -w\n"
702
#~ "\n"
703
#~ "# Used to generate PEM encoded files from Mozilla certdata.txt.\n"
704
#~ "# Run as ./make-cert.pl > certificate.crt\n"
705
#~ "#\n"
706
#~ "# Parts of this script courtesy of RedHat (mkcabundle.pl)\n"
707
#~ "#\n"
708
#~ "# This script modified for use with single file data (tempfile.cer) extracted\n"
709
#~ "# from certdata.txt, taken from the latest version in the Mozilla NSS source.\n"
710
#~ "# mozilla/security/nss/lib/ckfw/builtins/certdata.txt\n"
711
#~ "#\n"
712
#~ "# Authors: DJ Lucas\n"
713
#~ "#          Bruce Dubbs\n"
714
#~ "#\n"
715
#~ "# Version 20120211\n"
716
#~ "\n"
717
#~ "my $certdata = './tempfile.cer';\n"
718
#~ "\n"
719
#~ "open( IN, \"cat $certdata|\" )\n"
720
#~ "    || die \"could not open $certdata\";\n"
721
#~ "\n"
722
#~ "my $incert = 0;\n"
723
#~ "\n"
724
#~ "while ( &lt;IN&gt; )\n"
725
#~ "{\n"
726
#~ "    if ( /^CKA_VALUE MULTILINE_OCTAL/ )\n"
727
#~ "    {\n"
728
#~ "        $incert = 1;\n"
729
#~ "        open( OUT, \"|openssl x509 -text -inform DER -fingerprint\" )\n"
730
#~ "            || die \"could not pipe to openssl x509\";\n"
731
#~ "    }\n"
732
#~ "\n"
733
#~ "    elsif ( /^END/ &amp;&amp; $incert )\n"
734
#~ "    {\n"
735
#~ "        close( OUT );\n"
736
#~ "        $incert = 0;\n"
737
#~ "        print \"\\n\\n\";\n"
738
#~ "    }\n"
739
#~ "\n"
740
#~ "    elsif ($incert)\n"
741
#~ "    {\n"
742
#~ "        my @bs = split( /\\\\/ );\n"
743
#~ "        foreach my $b (@bs)\n"
744
#~ "        {\n"
745
#~ "            chomp $b;\n"
746
#~ "            printf( OUT \"%c\", oct($b) ) unless $b eq '';\n"
747
#~ "        }\n"
748
#~ "    }\n"
749
#~ "}</literal>\n"
750
#~ "EOF\n"
751
#~ "\n"
752
#~ "chmod +x /usr/bin/make-cert.pl</userinput>"
753
#~ msgstr ""
754
#~ "<userinput>cat > /usr/bin/make-cert.pl &lt;&lt; \"EOF\"\n"
755
#~ "<literal>#!/usr/bin/perl -w\n"
756
#~ "\n"
757
#~ "# Used to generate PEM encoded files from Mozilla certdata.txt.\n"
758
#~ "# Run as ./make-cert.pl > certificate.crt\n"
759
#~ "#\n"
760
#~ "# Parts of this script courtesy of RedHat (mkcabundle.pl)\n"
761
#~ "#\n"
762
#~ "# This script modified for use with single file data (tempfile.cer) extracted\n"
763
#~ "# from certdata.txt, taken from the latest version in the Mozilla NSS source.\n"
764
#~ "# mozilla/security/nss/lib/ckfw/builtins/certdata.txt\n"
765
#~ "#\n"
766
#~ "# Authors: DJ Lucas\n"
767
#~ "#          Bruce Dubbs\n"
768
#~ "#\n"
769
#~ "# Version 20120211\n"
770
#~ "\n"
771
#~ "my $certdata = './tempfile.cer';\n"
772
#~ "\n"
773
#~ "open( IN, \"cat $certdata|\" )\n"
774
#~ "    || die \"could not open $certdata\";\n"
775
#~ "\n"
776
#~ "my $incert = 0;\n"
777
#~ "\n"
778
#~ "while ( &lt;IN&gt; )\n"
779
#~ "{\n"
780
#~ "    if ( /^CKA_VALUE MULTILINE_OCTAL/ )\n"
781
#~ "    {\n"
782
#~ "        $incert = 1;\n"
783
#~ "        open( OUT, \"|openssl x509 -text -inform DER -fingerprint\" )\n"
784
#~ "            || die \"could not pipe to openssl x509\";\n"
785
#~ "    }\n"
786
#~ "\n"
787
#~ "    elsif ( /^END/ &amp;&amp; $incert )\n"
788
#~ "    {\n"
789
#~ "        close( OUT );\n"
790
#~ "        $incert = 0;\n"
791
#~ "        print \"\\n\\n\";\n"
792
#~ "    }\n"
793
#~ "\n"
794
#~ "    elsif ($incert)\n"
795
#~ "    {\n"
796
#~ "        my @bs = split( /\\\\/ );\n"
797
#~ "        foreach my $b (@bs)\n"
798
#~ "        {\n"
799
#~ "            chomp $b;\n"
800
#~ "            printf( OUT \"%c\", oct($b) ) unless $b eq '';\n"
801
#~ "        }\n"
802
#~ "    }\n"
803
#~ "}</literal>\n"
804
#~ "EOF\n"
805
#~ "\n"
806
#~ "chmod +x /usr/bin/make-cert.pl</userinput>"
807
 
808
#~ msgid ""
809
#~ "The following script creates the certificates and a bundle of all the "
810
#~ "certificates.  It creates a <filename class='directory'>./certs</filename> "
811
#~ "directory and <filename>./BLFS-ca-bundle-${VERSION}.crt</filename>.  Again "
812
#~ "create this script as the <systemitem class=\"username\">root</systemitem> "
813
#~ "user:"
814
#~ msgstr ""
815
#~ "Le script suivant crée les certificats et un bouquet de tous les "
816
#~ "certificats. Il crée un répertoire <filename "
817
#~ "class='directory'>./certs</filename> et <filename>./BLFS-ca-"
818
#~ "bundle-${VERSION}.crt</filename>.  Créez de nouveau ce script en tant "
819
#~ "qu'utilisateur <systemitem class=\"username\">root</systemitem>&nbsp;:"
820
 
821
#~ msgid ""
822
#~ "<userinput>cat > /usr/bin/make-ca.sh &lt;&lt; \"EOF\"\n"
823
#~ "<literal>#!/bin/sh\n"
824
#~ "# Begin make-ca.sh\n"
825
#~ "# Script to populate OpenSSL's CApath from a bundle of PEM formatted CAs\n"
826
#~ "#\n"
827
#~ "# The file certdata.txt must exist in the local directory\n"
828
#~ "# Version number is obtained from the version of the data.\n"
829
#~ "#\n"
830
#~ "# Authors: DJ Lucas\n"
831
#~ "#          Bruce Dubbs\n"
832
#~ "#\n"
833
#~ "# Version 20120211\n"
834
#~ "\n"
835
#~ "# Some data in the certs have UTF-8 characters\n"
836
#~ "export LANG=en_US.utf8\n"
837
#~ "\n"
838
#~ "certdata=\"certdata.txt\"\n"
839
#~ "\n"
840
#~ "if [ ! -r $certdata ]; then\n"
841
#~ "  echo \"$certdata must be in the local directory\"\n"
842
#~ "  exit 1\n"
843
#~ "fi\n"
844
#~ "\n"
845
#~ "REVISION=$(grep CVS_ID $certdata | cut -f4 -d'$')\n"
846
#~ "\n"
847
#~ "if [ -z \"${REVISION}\" ]; then\n"
848
#~ "  echo \"$certfile has no 'Revision' in CVS_ID\"\n"
849
#~ "  exit 1\n"
850
#~ "fi\n"
851
#~ "\n"
852
#~ "VERSION=$(echo $REVISION | cut -f2 -d\" \")\n"
853
#~ "\n"
854
#~ "TEMPDIR=$(mktemp -d)\n"
855
#~ "TRUSTATTRIBUTES=\"CKA_TRUST_SERVER_AUTH\"\n"
856
#~ "BUNDLE=\"BLFS-ca-bundle-${VERSION}.crt\"\n"
857
#~ "CONVERTSCRIPT=\"/usr/bin/make-cert.pl\"\n"
858
#~ "SSLDIR=\"/etc/ssl\"\n"
859
#~ "\n"
860
#~ "mkdir \"${TEMPDIR}/certs\"\n"
861
#~ "\n"
862
#~ "# Get a list of starting lines for each cert\n"
863
#~ "CERTBEGINLIST=$(grep -n \"^# Certificate\" \"${certdata}\" | cut -d \":\" -f1)\n"
864
#~ "\n"
865
#~ "# Get a list of ending lines for each cert\n"
866
#~ "CERTENDLIST=`grep -n \"^CKA_TRUST_STEP_UP_APPROVED\" \"${certdata}\" | cut -d \":\" -f 1`\n"
867
#~ "\n"
868
#~ "# Start a loop\n"
869
#~ "for certbegin in ${CERTBEGINLIST}; do\n"
870
#~ "  for certend in ${CERTENDLIST}; do\n"
871
#~ "    if test \"${certend}\" -gt \"${certbegin}\"; then\n"
872
#~ "      break\n"
873
#~ "    fi\n"
874
#~ "  done\n"
875
#~ "\n"
876
#~ "  # Dump to a temp file with the name of the file as the beginning line number\n"
877
#~ "  sed -n \"${certbegin},${certend}p\" \"${certdata}\" > \"${TEMPDIR}/certs/${certbegin}.tmp\"\n"
878
#~ "done\n"
879
#~ "\n"
880
#~ "unset CERTBEGINLIST CERTDATA CERTENDLIST certbegin certend\n"
881
#~ "\n"
882
#~ "mkdir -p certs\n"
883
#~ "rm -f certs/*      # Make sure the directory is clean\n"
884
#~ "\n"
885
#~ "for tempfile in ${TEMPDIR}/certs/*.tmp; do\n"
886
#~ "  # Make sure that the cert is trusted...\n"
887
#~ "  grep \"CKA_TRUST_SERVER_AUTH\" \"${tempfile}\" | \\\n"
888
#~ "    egrep \"TRUST_UNKNOWN|NOT_TRUSTED\" > /dev/null\n"
889
#~ "\n"
890
#~ "  if test \"${?}\" = \"0\"; then\n"
891
#~ "    # Throw a meaningful error and remove the file\n"
892
#~ "    cp \"${tempfile}\" tempfile.cer\n"
893
#~ "    perl ${CONVERTSCRIPT} > tempfile.crt\n"
894
#~ "    keyhash=$(openssl x509 -noout -in tempfile.crt -hash)\n"
895
#~ "    echo \"Certificate ${keyhash} is not trusted!  Removing...\"\n"
896
#~ "    rm -f tempfile.cer tempfile.crt \"${tempfile}\"\n"
897
#~ "    continue\n"
898
#~ "  fi\n"
899
#~ "\n"
900
#~ "  # If execution made it to here in the loop, the temp cert is trusted\n"
901
#~ "  # Find the cert data and generate a cert file for it\n"
902
#~ "\n"
903
#~ "  cp \"${tempfile}\" tempfile.cer\n"
904
#~ "  perl ${CONVERTSCRIPT} > tempfile.crt\n"
905
#~ "  keyhash=$(openssl x509 -noout -in tempfile.crt -hash)\n"
906
#~ "  mv tempfile.crt \"certs/${keyhash}.pem\"\n"
907
#~ "  rm -f tempfile.cer \"${tempfile}\"\n"
908
#~ "  echo \"Created ${keyhash}.pem\"\n"
909
#~ "done\n"
910
#~ "\n"
911
#~ "# Remove blacklisted files\n"
912
#~ "# MD5 Collision Proof of Concept CA\n"
913
#~ "if test -f certs/8f111d69.pem; then\n"
914
#~ "  echo \"Certificate 8f111d69 is not trusted!  Removing...\"\n"
915
#~ "  rm -f certs/8f111d69.pem\n"
916
#~ "fi\n"
917
#~ "\n"
918
#~ "# Finally, generate the bundle and clean up.\n"
919
#~ "cat certs/*.pem >  ${BUNDLE}\n"
920
#~ "rm -r \"${TEMPDIR}\"</literal>\n"
921
#~ "EOF\n"
922
#~ "\n"
923
#~ "chmod +x /usr/bin/make-ca.sh</userinput>"
924
#~ msgstr ""
925
#~ "<userinput>cat > /usr/bin/make-ca.sh &lt;&lt; \"EOF\"\n"
926
#~ "<literal>#!/bin/sh\n"
927
#~ "# Begin make-ca.sh\n"
928
#~ "# Script to populate OpenSSL's CApath from a bundle of PEM formatted CAs\n"
929
#~ "#\n"
930
#~ "# The file certdata.txt must exist in the local directory\n"
931
#~ "# Version number is obtained from the version of the data.\n"
932
#~ "#\n"
933
#~ "# Authors: DJ Lucas\n"
934
#~ "#          Bruce Dubbs\n"
935
#~ "#\n"
936
#~ "# Version 20120211\n"
937
#~ "\n"
938
#~ "# Some data in the certs have UTF-8 characters\n"
939
#~ "export LANG=en_US.utf8\n"
940
#~ "\n"
941
#~ "certdata=\"certdata.txt\"\n"
942
#~ "\n"
943
#~ "if [ ! -r $certdata ]; then\n"
944
#~ "  echo \"$certdata must be in the local directory\"\n"
945
#~ "  exit 1\n"
946
#~ "fi\n"
947
#~ "\n"
948
#~ "REVISION=$(grep CVS_ID $certdata | cut -f4 -d'$')\n"
949
#~ "\n"
950
#~ "if [ -z \"${REVISION}\" ]; then\n"
951
#~ "  echo \"$certfile has no 'Revision' in CVS_ID\"\n"
952
#~ "  exit 1\n"
953
#~ "fi\n"
954
#~ "\n"
955
#~ "VERSION=$(echo $REVISION | cut -f2 -d\" \")\n"
956
#~ "\n"
957
#~ "TEMPDIR=$(mktemp -d)\n"
958
#~ "TRUSTATTRIBUTES=\"CKA_TRUST_SERVER_AUTH\"\n"
959
#~ "BUNDLE=\"BLFS-ca-bundle-${VERSION}.crt\"\n"
960
#~ "CONVERTSCRIPT=\"/usr/bin/make-cert.pl\"\n"
961
#~ "SSLDIR=\"/etc/ssl\"\n"
962
#~ "\n"
963
#~ "mkdir \"${TEMPDIR}/certs\"\n"
964
#~ "\n"
965
#~ "# Get a list of starting lines for each cert\n"
966
#~ "CERTBEGINLIST=$(grep -n \"^# Certificate\" \"${certdata}\" | cut -d \":\" -f1)\n"
967
#~ "\n"
968
#~ "# Get a list of ending lines for each cert\n"
969
#~ "CERTENDLIST=`grep -n \"^CKA_TRUST_STEP_UP_APPROVED\" \"${certdata}\" | cut -d \":\" -f 1`\n"
970
#~ "\n"
971
#~ "# Start a loop\n"
972
#~ "for certbegin in ${CERTBEGINLIST}; do\n"
973
#~ "  for certend in ${CERTENDLIST}; do\n"
974
#~ "    if test \"${certend}\" -gt \"${certbegin}\"; then\n"
975
#~ "      break\n"
976
#~ "    fi\n"
977
#~ "  done\n"
978
#~ "\n"
979
#~ "  # Dump to a temp file with the name of the file as the beginning line number\n"
980
#~ "  sed -n \"${certbegin},${certend}p\" \"${certdata}\" > \"${TEMPDIR}/certs/${certbegin}.tmp\"\n"
981
#~ "done\n"
982
#~ "\n"
983
#~ "unset CERTBEGINLIST CERTDATA CERTENDLIST certbegin certend\n"
984
#~ "\n"
985
#~ "mkdir -p certs\n"
986
#~ "rm -f certs/*      # Make sure the directory is clean\n"
987
#~ "\n"
988
#~ "for tempfile in ${TEMPDIR}/certs/*.tmp; do\n"
989
#~ "  # Make sure that the cert is trusted...\n"
990
#~ "  grep \"CKA_TRUST_SERVER_AUTH\" \"${tempfile}\" | \\\n"
991
#~ "    egrep \"TRUST_UNKNOWN|NOT_TRUSTED\" > /dev/null\n"
992
#~ "\n"
993
#~ "  if test \"${?}\" = \"0\"; then\n"
994
#~ "    # Throw a meaningful error and remove the file\n"
995
#~ "    cp \"${tempfile}\" tempfile.cer\n"
996
#~ "    perl ${CONVERTSCRIPT} > tempfile.crt\n"
997
#~ "    keyhash=$(openssl x509 -noout -in tempfile.crt -hash)\n"
998
#~ "    echo \"Certificate ${keyhash} is not trusted!  Removing...\"\n"
999
#~ "    rm -f tempfile.cer tempfile.crt \"${tempfile}\"\n"
1000
#~ "    continue\n"
1001
#~ "  fi\n"
1002
#~ "\n"
1003
#~ "  # If execution made it to here in the loop, the temp cert is trusted\n"
1004
#~ "  # Find the cert data and generate a cert file for it\n"
1005
#~ "\n"
1006
#~ "  cp \"${tempfile}\" tempfile.cer\n"
1007
#~ "  perl ${CONVERTSCRIPT} > tempfile.crt\n"
1008
#~ "  keyhash=$(openssl x509 -noout -in tempfile.crt -hash)\n"
1009
#~ "  mv tempfile.crt \"certs/${keyhash}.pem\"\n"
1010
#~ "  rm -f tempfile.cer \"${tempfile}\"\n"
1011
#~ "  echo \"Created ${keyhash}.pem\"\n"
1012
#~ "done\n"
1013
#~ "\n"
1014
#~ "# Remove blacklisted files\n"
1015
#~ "# MD5 Collision Proof of Concept CA\n"
1016
#~ "if test -f certs/8f111d69.pem; then\n"
1017
#~ "  echo \"Certificate 8f111d69 is not trusted!  Removing...\"\n"
1018
#~ "  rm -f certs/8f111d69.pem\n"
1019
#~ "fi\n"
1020
#~ "\n"
1021
#~ "# Finally, generate the bundle and clean up.\n"
1022
#~ "cat certs/*.pem >  ${BUNDLE}\n"
1023
#~ "rm -r \"${TEMPDIR}\"</literal>\n"
1024
#~ "EOF\n"
1025
#~ "\n"
1026
#~ "chmod +x /usr/bin/make-ca.sh</userinput>"
1027
 
1028
#~ msgid ""
1029
#~ "Add a short script to remove expired certificates from a directory.  Again "
1030
#~ "create this script as the <systemitem class=\"username\">root</systemitem> "
1031
#~ "user:"
1032
#~ msgstr ""
1033
#~ "Ajoutez un script bref pour supprimer les certificats expirés d'un "
1034
#~ "répertoire. Créez de nouveau ce script en tant qu'utilisateur <systemitem "
1035
#~ "class=\"username\">root</systemitem>&nbsp;:"
1036
 
1037
#~ msgid ""
1038
#~ "<userinput>cat > /usr/sbin/remove-expired-certs.sh &lt;&lt; \"EOF\"\n"
1039
#~ "<literal>#!/bin/sh\n"
1040
#~ "# Begin /usr/sbin/remove-expired-certs.sh\n"
1041
#~ "#\n"
1042
#~ "# Version 20120211\n"
1043
#~ "\n"
1044
#~ "# Make sure the date is parsed correctly on all systems\n"
1045
#~ "mydate()\n"
1046
#~ "{\n"
1047
#~ "  local y=$( echo $1 | cut -d\" \" -f4 )\n"
1048
#~ "  local M=$( echo $1 | cut -d\" \" -f1 )\n"
1049
#~ "  local d=$( echo $1 | cut -d\" \" -f2 )\n"
1050
#~ "  local m\n"
1051
#~ "\n"
1052
#~ "  if [ ${d} -lt 10 ]; then d=\"0${d}\"; fi\n"
1053
#~ "\n"
1054
#~ "  case $M in\n"
1055
#~ "    Jan) m=\"01\";;\n"
1056
#~ "    Feb) m=\"02\";;\n"
1057
#~ "    Mar) m=\"03\";;\n"
1058
#~ "    Apr) m=\"04\";;\n"
1059
#~ "    May) m=\"05\";;\n"
1060
#~ "    Jun) m=\"06\";;\n"
1061
#~ "    Jul) m=\"07\";;\n"
1062
#~ "    Aug) m=\"08\";;\n"
1063
#~ "    Sep) m=\"09\";;\n"
1064
#~ "    Oct) m=\"10\";;\n"
1065
#~ "    Nov) m=\"11\";;\n"
1066
#~ "    Dec) m=\"12\";;\n"
1067
#~ "  esac\n"
1068
#~ "\n"
1069
#~ "  certdate=\"${y}${m}${d}\"\n"
1070
#~ "}\n"
1071
#~ "\n"
1072
#~ "OPENSSL=/usr/bin/openssl\n"
1073
#~ "DIR=/etc/ssl/certs\n"
1074
#~ "\n"
1075
#~ "if [ $# -gt 0 ]; then\n"
1076
#~ "  DIR=\"$1\"\n"
1077
#~ "fi\n"
1078
#~ "\n"
1079
#~ "certs=$( find ${DIR} -type f -name \"*.pem\" -o -name \"*.crt\" )\n"
1080
#~ "today=$( date +%Y%m%d )\n"
1081
#~ "\n"
1082
#~ "for cert in $certs; do\n"
1083
#~ "  notafter=$( $OPENSSL x509 -enddate -in \"${cert}\" -noout )\n"
1084
#~ "  date=$( echo ${notafter} |  sed 's/^notAfter=//' )\n"
1085
#~ "  mydate \"$date\"\n"
1086
#~ "\n"
1087
#~ "  if [ ${certdate} -lt ${today} ]; then\n"
1088
#~ "     echo \"${cert} expired on ${certdate}! Removing...\"\n"
1089
#~ "     rm -f \"${cert}\"\n"
1090
#~ "  fi\n"
1091
#~ "done</literal>\n"
1092
#~ "EOF\n"
1093
#~ "\n"
1094
#~ "chmod u+x /usr/sbin/remove-expired-certs.sh</userinput>"
1095
#~ msgstr ""
1096
#~ "<userinput>cat > /usr/sbin/remove-expired-certs.sh &lt;&lt; \"EOF\"\n"
1097
#~ "<literal>#!/bin/sh\n"
1098
#~ "# Begin /usr/sbin/remove-expired-certs.sh\n"
1099
#~ "#\n"
1100
#~ "# Version 20120211\n"
1101
#~ "\n"
1102
#~ "# Make sure the date is parsed correctly on all systems\n"
1103
#~ "mydate()\n"
1104
#~ "{\n"
1105
#~ "  local y=$( echo $1 | cut -d\" \" -f4 )\n"
1106
#~ "  local M=$( echo $1 | cut -d\" \" -f1 )\n"
1107
#~ "  local d=$( echo $1 | cut -d\" \" -f2 )\n"
1108
#~ "  local m\n"
1109
#~ "\n"
1110
#~ "  if [ ${d} -lt 10 ]; then d=\"0${d}\"; fi\n"
1111
#~ "\n"
1112
#~ "  case $M in\n"
1113
#~ "    Jan) m=\"01\";;\n"
1114
#~ "    Feb) m=\"02\";;\n"
1115
#~ "    Mar) m=\"03\";;\n"
1116
#~ "    Apr) m=\"04\";;\n"
1117
#~ "    May) m=\"05\";;\n"
1118
#~ "    Jun) m=\"06\";;\n"
1119
#~ "    Jul) m=\"07\";;\n"
1120
#~ "    Aug) m=\"08\";;\n"
1121
#~ "    Sep) m=\"09\";;\n"
1122
#~ "    Oct) m=\"10\";;\n"
1123
#~ "    Nov) m=\"11\";;\n"
1124
#~ "    Dec) m=\"12\";;\n"
1125
#~ "  esac\n"
1126
#~ "\n"
1127
#~ "  certdate=\"${y}${m}${d}\"\n"
1128
#~ "}\n"
1129
#~ "\n"
1130
#~ "OPENSSL=/usr/bin/openssl\n"
1131
#~ "DIR=/etc/ssl/certs\n"
1132
#~ "\n"
1133
#~ "if [ $# -gt 0 ]; then\n"
1134
#~ "  DIR=\"$1\"\n"
1135
#~ "fi\n"
1136
#~ "\n"
1137
#~ "certs=$( find ${DIR} -type f -name \"*.pem\" -o -name \"*.crt\" )\n"
1138
#~ "today=$( date +%Y%m%d )\n"
1139
#~ "\n"
1140
#~ "for cert in $certs; do\n"
1141
#~ "  notafter=$( $OPENSSL x509 -enddate -in \"${cert}\" -noout )\n"
1142
#~ "  date=$( echo ${notafter} |  sed 's/^notAfter=//' )\n"
1143
#~ "  mydate \"$date\"\n"
1144
#~ "\n"
1145
#~ "  if [ ${certdate} -lt ${today} ]; then\n"
1146
#~ "     echo \"${cert} expired on ${certdate}! Removing...\"\n"
1147
#~ "     rm -f \"${cert}\"\n"
1148
#~ "  fi\n"
1149
#~ "done</literal>\n"
1150
#~ "EOF\n"
1151
#~ "\n"
1152
#~ "chmod u+x /usr/sbin/remove-expired-certs.sh</userinput>"
1153
 
1154
#~ msgid ""
1155
#~ "The following commands will fetch the certificates and convert them to the "
1156
#~ "correct format.  If desired, a web browser may be used instead of "
1157
#~ "<application>wget</application> but the file will need to be saved with the "
1158
#~ "name <filename>certdata.txt</filename>.  These commands can be repeated as "
1159
#~ "necessary to update the CA Certificates."
1160
#~ msgstr ""
1161
#~ "Les commandes suivantes récupéreront les certificats et les convertiront "
1162
#~ "dans le bon format.  Si vous le désirez, vous pouvez utiliser un navigateur "
1163
#~ "Internet plutôt que <application>wget</application> mais le fichier devra "
1164
#~ "être enregistré sous le nom <filename>certdata.txt</filename>.  Ces "
1165
#~ "commandes peuvent être répétées autant de fois que nécessaire pour mettre à "
1166
#~ "jour les Certificats CA."
1167
 
1168
#~ msgid ""
1169
#~ "<userinput>URL=&sources-anduin-http;/other/certdata.txt &amp;&amp;\n"
1170
#~ "rm -f certdata.txt &amp;&amp;\n"
1171
#~ "wget $URL          &amp;&amp;\n"
1172
#~ "make-ca.sh         &amp;&amp;\n"
1173
#~ "unset URL</userinput>"
1174
#~ msgstr ""
1175
#~ "<userinput>URL=&sources-anduin-http;/other/certdata.txt &amp;&amp;\n"
1176
#~ "rm -f certdata.txt &amp;&amp;\n"
1177
#~ "wget $URL          &amp;&amp;\n"
1178
#~ "make-ca.sh         &amp;&amp;\n"
1179
#~ "unset URL</userinput>"
1180
 
1181
#~ msgid ""
1182
#~ "<userinput>SSLDIR=/etc/ssl                                              &amp;&amp;\n"
1183
#~ "remove-expired-certs.sh certs                                &amp;&amp;\n"
1184
#~ "install -d ${SSLDIR}/certs                                   &amp;&amp;\n"
1185
#~ "cp -v certs/*.pem ${SSLDIR}/certs                            &amp;&amp;\n"
1186
#~ "c_rehash                                                     &amp;&amp;\n"
1187
#~ "install BLFS-ca-bundle*.crt ${SSLDIR}/ca-bundle.crt          &amp;&amp;\n"
1188
#~ "ln -sfv ../ca-bundle.crt ${SSLDIR}/certs/ca-certificates.crt &amp;&amp;\n"
1189
#~ "unset SSLDIR</userinput>"
1190
#~ msgstr ""
1191
#~ "<userinput>SSLDIR=/etc/ssl                                              &amp;&amp;\n"
1192
#~ "remove-expired-certs.sh certs                                &amp;&amp;\n"
1193
#~ "install -d ${SSLDIR}/certs                                   &amp;&amp;\n"
1194
#~ "cp -v certs/*.pem ${SSLDIR}/certs                            &amp;&amp;\n"
1195
#~ "c_rehash                                                     &amp;&amp;\n"
1196
#~ "install BLFS-ca-bundle*.crt ${SSLDIR}/ca-bundle.crt          &amp;&amp;\n"
1197
#~ "ln -sfv ../ca-bundle.crt ${SSLDIR}/certs/ca-certificates.crt &amp;&amp;\n"
1198
#~ "unset SSLDIR</userinput>"
1199
 
1200
#~ msgid "Finally, clean up the current directory:"
1201
#~ msgstr "Enfin, nettoyez le répertoire courant&nbsp;:"
1202
 
1203
#~ msgid "<userinput>rm -r certs BLFS-ca-bundle*</userinput>"
1204
#~ msgstr "<userinput>rm -r certs BLFS-ca-bundle*</userinput>"
1205
 
1206
#~ msgid ""
1207
#~ "After installing or updating certificates, if OpenJDK is installed, update "
1208
#~ "the certificates for Java using the procedures at <xref linkend='ojdk-"
1209
#~ "certs'/>."
1210
#~ msgstr ""
1211
#~ "Après l'installation ou la mise à jour des certificats, si OpenJDK est "
1212
#~ "installé, mettez à jour les certificats pour Java en utilisant la procédure "
1213
#~ "dans <xref linkend=\"ojdk-certs\"/>."
1214
 
1215
#~ msgid "make-ca.sh, make-cert.pl and remove-expired-certs.sh"
1216
#~ msgstr "make-ca.sh, make-cert.pl et remove-expired-certs.sh"
1217
 
1218
#~ msgid "<command>make-cert.pl</command>"
1219
#~ msgstr "<command>make-cert.pl</command>"
1220
 
1221
#~ msgid ""
1222
#~ "is a utility <application>perl</application> script that converts a single "
1223
#~ "binary certificate (.der format) into .pem format."
1224
#~ msgstr ""
1225
#~ "est un script <application>perl</application> qui convertit un certificat "
1226
#~ "binaire unique (format .der) au format .pem."
1227
 
1228
#~ msgid "make-cert"
1229
#~ msgstr "make-cert"
1230
 
1231
#~ msgid "<command>remove-expired-certs.sh</command>"
1232
#~ msgstr "<command>remove-expired-certs.sh</command>"
1233
 
1234
#~ msgid ""
1235
#~ "is a utility shell script that removes expired certificates from a "
1236
#~ "directory.  The default directory is <filename "
1237
#~ "class='directory'>/etc/ssl/certs</filename>."
1238
#~ msgstr ""
1239
#~ "est un script shell qui supprime les certificats expirés d'un répertoire. Le"
1240
#~ " répertoire par défaut est <filename "
1241
#~ "class='directory'>/etc/ssl/certs</filename>."
1242
 
1243
#~ msgid "remove-expired-certs"
1244
#~ msgstr "remove-expired-certs"