Subversion Repositories svn LFS-FR

Rev

Rev 7718 | Rev 7724 | Go to most recent revision | Details | Compare with Previous | Last modification | View Log | RSS feed

Rev Author Line No. Line
7355 jlepiller 1
# SOME DESCRIPTIVE TITLE
2
# Copyright (C) YEAR Free Software Foundation, Inc.
3
# This file is distributed under the same license as the PACKAGE package.
4
# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
5
#
6
msgid ""
7
msgstr ""
8
"Project-Id-Version: PACKAGE VERSION\n"
7723 jlepiller 9
"POT-Creation-Date: 2019-01-01 12:05+0000\n"
7718 jlepiller 10
"PO-Revision-Date: 2018-12-29 06:57+0000\n"
7355 jlepiller 11
"Last-Translator: roptat <roptat@lepiller.eu>\n"
12
"Language-Team: LANGUAGE <LL@li.org>\n"
13
"Language: fr\n"
14
"MIME-Version: 1.0\n"
15
"Content-Type: text/plain; charset=UTF-8\n"
16
"Content-Transfer-Encoding: 8bit\n"
17
"Plural-Forms: nplurals=2; plural=(n > 1);\n"
18
"X-Generator: Pootle 2.8\n"
7718 jlepiller 19
"X-POOTLE-MTIME: 1546066623.976555\n"
7355 jlepiller 20
 
21
#. type: Content of the certhost entity
22
#: blfs-en/postlfs/security/make-ca.xml:7
23
msgid "https://hg.mozilla.org/"
24
msgstr "https://hg.mozilla.org/"
25
 
26
#. type: Content of the certpath entity
27
#: blfs-en/postlfs/security/make-ca.xml:8
28
msgid "/lib/ckfw/builtins/certdata.txt"
29
msgstr "/lib/ckfw/builtins/certdata.txt"
30
 
31
#. type: Content of the make-ca-buildsize entity
32
#: blfs-en/postlfs/security/make-ca.xml:9
33
msgid "6.6 MB (with all runtime deps)"
34
msgstr "6.6 Mo (avec toutes les dépendances à l'exécution)"
35
 
36
#. type: Content of the make-ca-time entity
37
#: blfs-en/postlfs/security/make-ca.xml:10
7605 jlepiller 38
msgid "0.1 SBU (with all runtime deps)"
39
msgstr "0.1 SBU (avec toutes les dépendances à l'exécution)"
7355 jlepiller 40
 
41
#. type: Content of the make-ca-download entity
42
#: blfs-en/postlfs/security/make-ca.xml:12
43
msgid ""
7687 jlepiller 44
"https://github.com/djlucas/make-ca/releases/download/v&make-ca-"
45
"version;/make-ca-&make-ca-version;.tar.xz"
7355 jlepiller 46
msgstr ""
7687 jlepiller 47
"https://github.com/djlucas/make-ca/releases/download/v&make-ca-"
48
"version;/make-ca-&make-ca-version;.tar.xz"
7355 jlepiller 49
 
50
#. type: Content of the make-ca-size entity
51
#: blfs-en/postlfs/security/make-ca.xml:13
7687 jlepiller 52
msgid "28 KB"
53
msgstr "28 Ko"
7355 jlepiller 54
 
55
#. type: Content of the make-ca-md5sum entity
56
#: blfs-en/postlfs/security/make-ca.xml:14
7723 jlepiller 57
msgid "417a8ebfb3d6ac4821c1e508a0a3981f"
58
msgstr "417a8ebfb3d6ac4821c1e508a0a3981f"
7355 jlepiller 59
 
60
#. type: Content of: <sect1><sect1info>
61
#: blfs-en/postlfs/security/make-ca.xml:21
7605 jlepiller 62
#| msgid ""
7723 jlepiller 63
#| "<othername>$LastChangedBy: renodr $</othername> <date>$Date: 2018-12-28 "
64
#| "17:37:58 +0000 (Fri, 28 Dec 2018) $</date>"
7355 jlepiller 65
msgid ""
7723 jlepiller 66
"<othername>$LastChangedBy: dj $</othername> <date>$Date: 2019-01-01 10:18:07"
67
" +0000 (Tue, 01 Jan 2019) $</date>"
7355 jlepiller 68
msgstr ""
7723 jlepiller 69
"<othername>$LastChangedBy: dj $</othername> <date>$Date: 2019-01-01 10:18:07"
70
" +0000 (Tue, 01 Jan 2019) $</date>"
7355 jlepiller 71
 
7360 jlepiller 72
#. type: Content of: <sect1><title>
73
#: blfs-en/postlfs/security/make-ca.xml:25
74
msgid "make-ca-&make-ca-version;"
75
msgstr "make-ca-&make-ca-version;"
76
 
7355 jlepiller 77
#. type: Content of:
78
#. <sect1><sect2><variablelist><varlistentry><listitem><indexterm><primary>
7360 jlepiller 79
#: blfs-en/postlfs/security/make-ca.xml:27
7687 jlepiller 80
#: blfs-en/postlfs/security/make-ca.xml:210
81
#: blfs-en/postlfs/security/make-ca.xml:227
7355 jlepiller 82
msgid "make-ca"
83
msgstr "make-ca"
84
 
7360 jlepiller 85
#. type: Content of: <sect1><sect2><title>
86
#: blfs-en/postlfs/security/make-ca.xml:31
87
msgid "Introduction to make-ca"
88
msgstr "Introduction à make-ca"
89
 
90
#. type: Content of: <sect1><sect2><para>
91
#: blfs-en/postlfs/security/make-ca.xml:34
7355 jlepiller 92
msgid ""
93
"Public Key Infrastructure (PKI) is a method to validate the authenticity of "
94
"an otherwise unknown entity across untrusted networks. PKI works by "
95
"establishing a chain of trust, rather than trusting each individual host or "
96
"entity explicitly. In order for a certificate presented by a remote entity "
97
"to be trusted, that certificate must present a complete chain of "
98
"certificates that can be validated using the root certificate of a "
99
"Certificate Authority (CA) that is trusted by the local machine."
100
msgstr ""
101
"Une Infrastructure à Clés Publiques (PKI) est une méthode pour valider "
102
"l'authenticité d'une entité autrement inconnue au travers de réseaux qui ne "
103
"sont pas de confiance. La PKI fonctionne en établissant une chaîne de "
104
"confiance, plutôt que de faire confiance individuellement à chaque hôte ou "
105
"entité de manière explicite. Pour qu'un certificat présenté par une entité "
106
"distante soit reconnu, le certificat doit présenter une chaîne complète de "
107
"certificats qui peuvent être validé en utilisant le certificat racine d'une "
108
"autorité de certification (CA) en laquelle la machine locale a confiance."
109
 
7360 jlepiller 110
#. type: Content of: <sect1><sect2><para>
111
#: blfs-en/postlfs/security/make-ca.xml:44
7355 jlepiller 112
msgid ""
113
"Establishing trust with a CA involves validating things like company "
114
"address, ownership, contact information, etc., and ensuring that the CA has "
115
"followed best practices, such as undergoing periodic security audits by "
116
"independent investigators and maintaining an always available certificate "
117
"revocation list. This is well outside the scope of BLFS (as it is for most "
118
"Linux distributions). The certificate store provided here is taken from the "
119
"Mozilla Foundation, who have established very strict inclusion policies "
120
"described <ulink url=\"https://www.mozilla.org/en-"
121
"US/about/governance/policies/security-group/certs/\">here</ulink>."
122
msgstr ""
123
"L'établissement de la confiance avec une CA nécessite de valider des choses "
124
"comme l'adresse de la compagnie, la propriété, les informations de contact, "
125
"etc, et de s'assurer que la CA a suivi les bonnes pratiques, comme des "
126
"audits de sécurité périodiques par des enquêteurs indépendants et le "
127
"maintient d'une liste de révocation de certificats toujours disponible. Ceci"
128
" est bien au delà de la portée de BLFS (comme pour la plupart des "
129
"distributions Linux). Le magasin de certificats fournit ici est emprunté à "
130
"la fondation Mozilla, qui ont établit une politique d'inclusion très stricte"
131
" décrite <ulink url=\"https://www.mozilla.org/en-"
132
"US/about/governance/policies/security-group/certs/\">ici</ulink>."
133
 
134
#. type: Content of: <sect1><sect2><bridgehead>
7360 jlepiller 135
#: blfs-en/postlfs/security/make-ca.xml:57
7355 jlepiller 136
msgid "Package Information"
137
msgstr "Informations sur le paquet"
138
 
139
#. type: Content of: <sect1><sect2><itemizedlist><listitem><para>
7360 jlepiller 140
#: blfs-en/postlfs/security/make-ca.xml:60
7355 jlepiller 141
msgid "Download (HTTP): <ulink url=\"&make-ca-download;\"/>"
142
msgstr "Téléchargement (HTTP)&nbsp;: <ulink url=\"&make-ca-download;\"/>"
143
 
144
#. type: Content of: <sect1><sect2><itemizedlist><listitem><para>
7360 jlepiller 145
#: blfs-en/postlfs/security/make-ca.xml:63
7355 jlepiller 146
msgid "Download size: &make-ca-size;"
147
msgstr "Taille du téléchargement&nbsp;: &make-ca-size;"
148
 
149
#. type: Content of: <sect1><sect2><itemizedlist><listitem><para>
7360 jlepiller 150
#: blfs-en/postlfs/security/make-ca.xml:66
7355 jlepiller 151
msgid "Download MD5 Sum: &make-ca-md5sum;"
152
msgstr "Somme MD5 du téléchargement&nbsp;: &make-ca-md5sum;"
153
 
154
#. type: Content of: <sect1><sect2><itemizedlist><listitem><para>
7360 jlepiller 155
#: blfs-en/postlfs/security/make-ca.xml:69
7355 jlepiller 156
msgid "Estimated disk space required: &make-ca-buildsize;"
157
msgstr "Estimation de l'espace disque requis&nbsp;: &make-ca-buildsize;"
158
 
159
#. type: Content of: <sect1><sect2><itemizedlist><listitem><para>
7360 jlepiller 160
#: blfs-en/postlfs/security/make-ca.xml:72
7355 jlepiller 161
msgid "Estimated build time: &make-ca-time;"
162
msgstr "Estimation du temps de construction&nbsp;: &make-ca-time;"
163
 
164
#. type: Content of: <sect1><sect2><bridgehead>
7360 jlepiller 165
#: blfs-en/postlfs/security/make-ca.xml:76
7355 jlepiller 166
msgid "make-ca Dependencies"
167
msgstr "Dépendances de make-ca"
168
 
169
#. type: Content of: <sect1><sect2><bridgehead>
7605 jlepiller 170
#: blfs-en/postlfs/security/make-ca.xml:78
7630 jlepiller 171
msgid "Required"
172
msgstr "Requises"
7605 jlepiller 173
 
174
#. type: Content of: <sect1><sect2><para>
175
#: blfs-en/postlfs/security/make-ca.xml:79
176
msgid ""
177
"<xref linkend=\"p11-kit\"/> (required at runtime to generate certificate "
178
"stores from trust anchors)"
179
msgstr ""
180
"<xref linkend=\"p11-kit\"/> (requis à l'exécution pour générer des banques "
181
"de certificats à partir d'ancres de confiance)"
182
 
183
#. type: Content of: <sect1><sect2><bridgehead>
7630 jlepiller 184
#: blfs-en/postlfs/security/make-ca.xml:83
7355 jlepiller 185
msgid "Optional (runtime)"
186
msgstr "Facultatives (exécution)"
187
 
188
#. type: Content of: <sect1><sect2><para>
7630 jlepiller 189
#: blfs-en/postlfs/security/make-ca.xml:85
7355 jlepiller 190
msgid ""
191
"<xref role=\"runtime\" linkend=\"java\"/> or <xref role=\"runtime\" "
7605 jlepiller 192
"linkend=\"openjdk\"/> (to generate a java PKCS#12 store), and <xref "
193
"role=\"runtime\" linkend=\"nss\"/> (to generate a shared NSSDB)"
7355 jlepiller 194
msgstr ""
195
"<xref role=\"runtime\" linkend=\"java\"/> ou <xref role=\"runtime\" "
7605 jlepiller 196
"linkend=\"openjdk\"/> (pour générer une banque PKCS#12 java) et <xref "
197
"role=\"runtime\" linkend=\"nss\"/> (pour générer un NSSDB partagé)"
7355 jlepiller 198
 
199
#. type: Content of: <sect1><sect2><para>
7630 jlepiller 200
#: blfs-en/postlfs/security/make-ca.xml:91
7355 jlepiller 201
msgid "User Notes: <ulink url='&blfs-wiki;/make-ca'/>"
202
msgstr "Notes utilisateur&nbsp;: <ulink url='&blfs-wiki;/make-ca'/>"
203
 
204
#. type: Content of: <sect1><sect2><title>
7630 jlepiller 205
#: blfs-en/postlfs/security/make-ca.xml:96
7355 jlepiller 206
msgid "Installation of make-ca"
207
msgstr "Installation de make-ca"
208
 
209
#. type: Content of: <sect1><sect2><para>
7630 jlepiller 210
#: blfs-en/postlfs/security/make-ca.xml:98
7355 jlepiller 211
msgid ""
212
"The <application>make-ca</application> script will download and process the "
213
"certificates included in the <filename>certdata.txt</filename> file for use "
7605 jlepiller 214
"as trust anchors for the <xref linkend=\"p11-kit\"/> trust module. "
215
"Additionally, it will generate system certificate stores used by BLFS "
216
"applications (if the recommended and optional applications are present on "
217
"the system). Any local certificates stored in "
218
"<filename>/etc/ssl/local</filename> will be imported to both the trust "
219
"anchors and the generated certificate stores (overriding Mozilla's trust).  "
220
"Certificates in this directory should be stored as PEM encoded "
7355 jlepiller 221
"<application>OpenSSL</application> trusted certificates."
222
msgstr ""
7605 jlepiller 223
"Le script <application>make-ca</application> téléchargera et adaptera les "
224
"certificats inclus dans le fichier <filename>certdata.txt</filename> pour "
225
"l'utiliser comme ancre de confiance dans le module de confiance de <xref "
226
"linkend=\"p11-kit\"/>. En plus, il générera les banques de certificats du "
227
"système utilisées par les application de BLFS (si les applications "
228
"recommandées et facultatives sont présentes sur le système). Tout certificat"
229
" local stocké dans <filename>/etc/ssl/local</filename> sera importé dans les"
230
" ancres de confiance et dans les banques de certificats générées (en "
231
"remplaçant la confiance de Mozilla). Les certificats de ce répertoire "
232
"doivent être stockés sous forme de certificats de confiance "
233
"<application>OpenSSL</application> encodé en PEM."
7355 jlepiller 234
 
235
#. type: Content of: <sect1><sect2><para>
7630 jlepiller 236
#: blfs-en/postlfs/security/make-ca.xml:109
7355 jlepiller 237
msgid ""
238
"To create an <application>OpenSSL</application> trusted certificate from a "
239
"regular PEM encoded file, you need to add trust arguments to the "
240
"<command>openssl</command> command, and create a new certificate. There are "
241
"three trust types that are recognized by the <application>make-"
242
"ca</application> script, SSL/TLS, S/Mime, and code signing. For example, "
243
"using the <ulink url=\"http://www.cacert.org/\">CAcert</ulink> roots, if you"
244
" want to trust both for all three roles, the following commands will create "
245
"appropriate OpenSSL trusted certificates (run as the <systemitem "
7684 jlepiller 246
"class=\"username\">root</systemitem> user after <xref linkend=\"wget\"/> is "
247
"installed):"
7355 jlepiller 248
msgstr ""
249
"Pour créer un certificat de confiance <application>OpenSSL</application> "
250
"depuis un fichier normal encodé en PEM, vous devrez ajouter des arguments "
251
"«&nbsp;trust&nbsp;» à la commande <command>openssl</command> et créer un "
252
"nouveau certificat. Il y a trois types de confiances reconnues par le script"
253
" <application>make-ca</application>&nbsp;: SSL/TLS, S/Mime et la signature "
254
"de code. Par exemple, si vous souhaitez utiliser les racines <ulink "
255
"url=\"http://www.cacert.org/\">CAcert</ulink> pour que les deux soient de "
256
"confiance pour ces trois rôles, les commandes suivantes créeront des "
257
"certificats de confiance OpenSSL approprié (à lancer en tant qu'utilisateur "
7692 jlepiller 258
"<systemitem class=\"username\">root</systemitem> après l'installation de "
259
"<xref linkend=\"wget\"/>)&nbsp;:"
7355 jlepiller 260
 
261
#. type: Content of: <sect1><sect2><screen>
7684 jlepiller 262
#: blfs-en/postlfs/security/make-ca.xml:121
7355 jlepiller 263
#, no-wrap
264
msgid ""
265
"<userinput>install -vdm755 /etc/ssl/local &amp;&amp;\n"
266
"wget http://www.cacert.org/certs/root.crt &amp;&amp;\n"
267
"wget http://www.cacert.org/certs/class3.crt &amp;&amp;\n"
268
"openssl x509 -in root.crt -text -fingerprint -setalias \"CAcert Class 1 root\" \\\n"
269
"        -addtrust serverAuth -addtrust emailProtection -addtrust codeSigning \\\n"
270
"        > /etc/ssl/local/CAcert_Class_1_root.pem &amp;&amp;\n"
271
"openssl x509 -in class3.crt -text -fingerprint -setalias \"CAcert Class 3 root\" \\\n"
272
"        -addtrust serverAuth -addtrust emailProtection -addtrust codeSigning \\\n"
273
"        > /etc/ssl/local/CAcert_Class_3_root.pem</userinput>"
274
msgstr ""
275
"<userinput>install -vdm755 /etc/ssl/local &amp;&amp;\n"
276
"wget http://www.cacert.org/certs/root.crt &amp;&amp;\n"
277
"wget http://www.cacert.org/certs/class3.crt &amp;&amp;\n"
278
"openssl x509 -in root.crt -text -fingerprint -setalias \"CAcert Class 1 root\" \\\n"
279
"        -addtrust serverAuth -addtrust emailProtection -addtrust codeSigning \\\n"
280
"        > /etc/ssl/local/CAcert_Class_1_root.pem &amp;&amp;\n"
281
"openssl x509 -in class3.crt -text -fingerprint -setalias \"CAcert Class 3 root\" \\\n"
282
"        -addtrust serverAuth -addtrust emailProtection -addtrust codeSigning \\\n"
283
"        > /etc/ssl/local/CAcert_Class_3_root.pem</userinput>"
284
 
285
#. type: Content of: <sect1><sect2><para>
7684 jlepiller 286
#: blfs-en/postlfs/security/make-ca.xml:131
7355 jlepiller 287
msgid ""
288
"If one of the three trust arguments is omitted, the certificate is neither "
289
"trusted, nor rejected for that role. Clients that use "
290
"<application>OpenSSL</application> or <application>NSS</application> "
291
"encountering this certificate will present a warning to the user. Clients "
292
"using <application>GnuTLS</application> without "
293
"<application>p11-kit</application> support are not aware of trusted "
294
"certificates. To include this CA into the ca-bundle.crt (used for "
295
"<application>GnuTLS</application>), it must have <envar>serverAuth</envar> "
296
"trust. Additionally, to explicitly disallow a certificate for a particular "
297
"use, replace the <parameter>-addtrust</parameter> flag with the "
298
"<parameter>-addreject</parameter> flag."
299
msgstr ""
300
"Si un argument trust en omis, le certificat n'est ni reconnu ni rejeté pour "
301
"ce rôle. Les clients qui utilisent <application>OpenSSL</application> ou "
302
"<application>NSS</application> rencontrant ce certificat renverront un "
303
"avertissement à l'utilisateur . Les clients qui utilisent "
304
"<application>GnuTLS</application> sans le support de "
305
"<application>p11-kit</application> ne sont pas conscient des certificats de "
306
"confiance. Pour inclure cette CA dans le fichier ca-bundle.crt (utilisé par "
307
"<application>GnuTLS</application>), il doit avoir la confiance "
308
"<envar>serverAuth</envar>. De plus, pour interdire un certificat pour une "
309
"utilisation particulière, remplacez le paramètre "
310
"<parameter>-addtrust</parameter> par le paramètre "
311
"<parameter>-addreject</parameter>."
312
 
313
#. type: Content of: <sect1><sect2><para>
7684 jlepiller 314
#: blfs-en/postlfs/security/make-ca.xml:143
7355 jlepiller 315
msgid ""
316
"To install the various certificate stores, first install the "
317
"<application>make-ca</application> script into the correct location.  As the"
318
" <systemitem class=\"username\">root</systemitem> user:"
319
msgstr ""
320
"Pour installer les divers magasins de certificats, installez le script "
321
"<application>make-ca</application> au bon endroit. En tant qu'utilisateur "
322
"<systemitem class=\"username\">root</systemitem>&nbsp;:"
323
 
324
#. type: Content of: <sect1><sect2><screen>
7684 jlepiller 325
#: blfs-en/postlfs/security/make-ca.xml:147
7355 jlepiller 326
#, no-wrap
7687 jlepiller 327
msgid "<userinput>make install</userinput>"
328
msgstr "<userinput>make install</userinput>"
7355 jlepiller 329
 
330
#. type: Content of: <sect1><sect2><para>
7687 jlepiller 331
#: blfs-en/postlfs/security/make-ca.xml:149
7355 jlepiller 332
msgid ""
7605 jlepiller 333
"As the <systemitem class=\"username\">root</systemitem> user, after "
334
"installing <xref linkend=\"p11-kit\"/>, download the certificate source and "
335
"prepare for system use with the following command:"
7355 jlepiller 336
msgstr ""
337
"En tant qu'utilisateur <systemitem class=\"username\">root</systemitem>, "
7605 jlepiller 338
"après l'installation de <xref linkend=\"p11-kit\"/>, téléchargez la banque "
339
"de certificats et préparez-la à être utilisée par le système avec la "
340
"commande suivante&nbsp;:"
7355 jlepiller 341
 
342
#. type: Content of: <sect1><sect2><note><para>
7687 jlepiller 343
#: blfs-en/postlfs/security/make-ca.xml:154
7355 jlepiller 344
msgid ""
345
"If running the script a second time with the same version of "
346
"<filename>certdata.txt</filename>, for instance, to add additional stores as"
7605 jlepiller 347
" the requisite software is installed, add the <parameter>-r</parameter> "
7355 jlepiller 348
"switch to the command line. If packaging, run <command>make-ca "
349
"--help</command> to see all available command line options."
350
msgstr ""
351
"Si vous lancez le script une deuxième fois avec la même version de "
7605 jlepiller 352
"<filename>certdata.txt</filename>, par exemple pour ajouter des banques "
7355 jlepiller 353
"supplémentaires parce que le logiciel requis est installé, ajoutez l'option "
7605 jlepiller 354
"<parameter>-r</parameter> à la ligne de commande. Si vous créez un paquet, "
7355 jlepiller 355
"lancez <command>make-ca --help</command> pour voir toutes les options de la "
356
"ligne de commande disponibles."
357
 
358
#. type: Content of: <sect1><sect2><screen>
7687 jlepiller 359
#: blfs-en/postlfs/security/make-ca.xml:161
7355 jlepiller 360
#, no-wrap
7465 jlepiller 361
msgid "<userinput>/usr/sbin/make-ca -g</userinput>"
362
msgstr "<userinput>/usr/sbin/make-ca -g</userinput>"
7355 jlepiller 363
 
364
#. type: Content of: <sect1><sect2><para>
7687 jlepiller 365
#: blfs-en/postlfs/security/make-ca.xml:164
7355 jlepiller 366
msgid ""
7716 jlepiller 367
"Previous versions of BLFS used the path <filename>/etc/ssl/ca-"
7687 jlepiller 368
"bundle.crt</filename> for the <xref linkend=\"gnutls\"/> certificate store. "
369
"If software is still installed that references this file, create a "
370
"compatibilty symlink for the old location as the <systemitem "
371
"class=\"username\">root</systemitem> user:"
372
msgstr ""
7692 jlepiller 373
"Les versions précédentes de BLFS utilisaient le chemin "
374
"<filename>/etc/ssl/ca-bundle.crt</filename> pour le dépôt des certificats de"
375
" <xref linkend=\"gnutls\"/>. Si des logiciels référençant ce fichier sont "
376
"toujours installés, créez un lien symbolique de compatibilité pour l'ancien "
377
"emplacement en tant qu'utilisateur <systemitem "
378
"class=\"username\">root</systemitem>&nbsp;:"
7687 jlepiller 379
 
380
#. type: Content of: <sect1><sect2><screen>
381
#: blfs-en/postlfs/security/make-ca.xml:170
382
#, no-wrap
383
msgid ""
384
"<userinput>ln -sfv /etc/pki/tls/certs/ca-bundle.crt \\\n"
385
"        /etc/ssl/ca-bundle.crt</userinput>"
386
msgstr ""
387
"<userinput>ln -sfv /etc/pki/tls/certs/ca-bundle.crt \\\n"
388
"        /etc/ssl/ca-bundle.crt</userinput>"
389
 
390
#. type: Content of: <sect1><sect2><para>
391
#: blfs-en/postlfs/security/make-ca.xml:173
392
msgid ""
7355 jlepiller 393
"You should periodically update the store with the above command either "
394
"manually, or via a <phrase revision=\"sysv\">cron job.</phrase> <phrase "
395
"revision=\"systemd\">systemd timer. A timer is installed at "
396
"<filename>/etc/systemd/system/update-pki.timer</filename> that, if enabled, "
397
"will check for updates weekly.</phrase>"
398
msgstr ""
399
"Vous devriez mettre à jour régulièrement le magasin avec la commande ci-"
400
"dessus soit manuellement, soit via <phrase revision=\"sysv\">une tâche "
401
"cron.</phrase><phrase revision=\"systemd\">un timer systemd. Un timer est "
402
"installé dans <filename>/etc/systemd/system/update-pki.timer</filename> et "
403
"s'il est activé, il vérifiera les mises à jour une fois par "
404
"semaine.</phrase>"
405
 
7687 jlepiller 406
#. type: Content of: <sect1><sect2><title>
407
#: blfs-en/postlfs/security/make-ca.xml:182
408
msgid "Configuring make-ca"
409
msgstr "Configuration de make-ca"
410
 
7355 jlepiller 411
#. type: Content of: <sect1><sect2><para>
7687 jlepiller 412
#: blfs-en/postlfs/security/make-ca.xml:184
7355 jlepiller 413
msgid ""
7687 jlepiller 414
"Genearally, no configuration is necessary on an LFS system, however, the "
415
"default <filename>certdata.txt</filename> file provided by make-ca is "
7355 jlepiller 416
"obtained from the mozilla-release branch, and is modified to provide a "
7687 jlepiller 417
"Mercurial revision. This will be the correct version for most systems.  "
418
"There are several other variants of the file available for use that might be"
419
" preferred for one reason or another, including the files shipped with "
420
"Mozilla products in this book. RedHat and OpenSUSE, for instance, use the "
421
"version included in <xref linkend=\"nss\"/>. Additional upstream downloads "
422
"are available at the links included in <filename>/etc/make-"
423
"ca.conf.dist</filename>. Simply copy the file to <filename>/etc/make-"
424
"ca.conf</filename> and edit as appropriate."
7355 jlepiller 425
msgstr ""
7692 jlepiller 426
"Généralement, aucune configuration n'est nécessaire sur un système LFS, "
427
"cependant le fichier <filename>certdata.txt</filename> fournit par make-ca "
428
"est obtenu à partir de la branche mozilla-release, et est modifié pour "
429
"fournir une révision Mercurial. Ce sera la bonne version pour la plupart des"
430
" systèmes. Il y a plusieurs variantes du fichier disponibles à l'utilisation"
431
" que vous pourriez préférer pour une raison ou une autre, incluses dans les "
432
"produits Mozilla dans ce livre. RedHat et OpenSUSE par exemple utilisent la "
433
"version incluse dans <xref linkend=\"nss\"/>. Des emplacements de "
434
"téléchargement supplémentaires sont disponibles dans les liens inclus dans "
435
"<filename>/etc/make-ca.conf.dist</filename>. Copiez simplement ce fichier "
436
"vers <filename>/etc/make-ca.conf</filename> et modifiez-le comme vous le "
437
"voulez."
7355 jlepiller 438
 
7687 jlepiller 439
#. type: Content of: <sect1><sect2><indexterm><primary>
440
#: blfs-en/postlfs/security/make-ca.xml:197
441
msgid "/etc/make-ca.conf"
442
msgstr "/etc/make-ca.conf"
7355 jlepiller 443
 
7687 jlepiller 444
#. type: Content of: <sect1><sect2><title>
7684 jlepiller 445
#: blfs-en/postlfs/security/make-ca.xml:203
7355 jlepiller 446
msgid "Contents"
447
msgstr "Contenu"
448
 
449
#. type: Content of: <sect1><sect2><segmentedlist><segtitle>
7687 jlepiller 450
#: blfs-en/postlfs/security/make-ca.xml:206
7355 jlepiller 451
msgid "Installed Programs"
452
msgstr "Programmes installés"
453
 
454
#. type: Content of: <sect1><sect2><segmentedlist><segtitle>
7687 jlepiller 455
#: blfs-en/postlfs/security/make-ca.xml:207
7355 jlepiller 456
msgid "Installed Directories"
457
msgstr "Répertoires installés"
458
 
459
#. type: Content of: <sect1><sect2><segmentedlist><seglistitem><seg>
7687 jlepiller 460
#: blfs-en/postlfs/security/make-ca.xml:211
7355 jlepiller 461
msgid "/etc/ssl/{certs,java,local} and /etc/pki/{nssdb,anchors}"
462
msgstr "/etc/ssl/{certs,java,local} et /etc/pki/{nssdb,anchors}"
463
 
464
#. type: Content of: <sect1><sect2><variablelist><bridgehead>
7687 jlepiller 465
#: blfs-en/postlfs/security/make-ca.xml:216
7355 jlepiller 466
msgid "Short Descriptions"
467
msgstr "Descriptions courtes"
468
 
469
#. type: Content of: <sect1><sect2><variablelist><varlistentry><term>
7687 jlepiller 470
#: blfs-en/postlfs/security/make-ca.xml:221
7355 jlepiller 471
msgid "<command>make-ca</command>"
472
msgstr "<command>make-ca</command>"
473
 
474
#. type: Content of:
475
#. <sect1><sect2><variablelist><varlistentry><listitem><para>
7687 jlepiller 476
#: blfs-en/postlfs/security/make-ca.xml:223
7355 jlepiller 477
msgid ""
478
"is a shell script that adapts a current version of "
479
"<filename>certdata.txt</filename>, and prepares it for use as the system "
7605 jlepiller 480
"trust store."
7355 jlepiller 481
msgstr ""
482
"est un script shell qui adapte une version actuelle de "
7605 jlepiller 483
"<filename>certdata.txt</filename> et le prépare pour l'utiliser comme banque"
484
" de confiance du système."
7355 jlepiller 485
 
7723 jlepiller 486
#~ msgid "b038d38233f970aad60c29dfc0502021"
487
#~ msgstr "b038d38233f970aad60c29dfc0502021"
488
 
7687 jlepiller 489
#~ msgid "36 KB"
490
#~ msgstr "36 Ko"
7660 jlepiller 491
 
7687 jlepiller 492
#~ msgid "0eeaf712eedeae4fa55d8bfa37f4ca32"
493
#~ msgstr "0eeaf712eedeae4fa55d8bfa37f4ca32"
494
 
495
#~ msgid ""
496
#~ "Mozilla Release (the version provided by BLFS): <ulink "
497
#~ "url=\"&certhost;releases/mozilla-release/raw-"
498
#~ "file/default/security/nss&certpath;\"/>"
499
#~ msgstr ""
500
#~ "Mozilla Release (la version fournie par BLFS)&nbsp;: <ulink "
501
#~ "url=\"&certhost;releases/mozilla-release/raw-"
502
#~ "file/default/security/nss&certpath;\"/>"
503
 
504
#~ msgid ""
505
#~ "NSS (this is the latest available version): <ulink "
506
#~ "url=\"&certhost;projects/nss/raw-file/tip&certpath;\"/>"
507
#~ msgstr ""
508
#~ "NSS (c'est la dernière version disponible)&nbsp;: <ulink "
509
#~ "url=\"&certhost;projects/nss/raw-file/tip&certpath;\"/>"
510
 
511
#~ msgid ""
512
#~ "Mozilla Central: <ulink url=\"&certhost;mozilla-central/raw-"
513
#~ "file/default/security/nss&certpath;\"/>"
514
#~ msgstr ""
515
#~ "Mozilla Central&nbsp;: <ulink url=\"&certhost;mozilla-central/raw-"
516
#~ "file/default/security/nss&certpath;\"/>"
517
 
518
#~ msgid ""
519
#~ "Mozilla Beta: <ulink url=\"&certhost;releases/mozilla-beta/raw-"
520
#~ "file/default/security/nss&certpath;\"/>"
521
#~ msgstr ""
522
#~ "Mozilla Beta&nbsp;: <ulink url=\"&certhost;releases/mozilla-beta/raw-"
523
#~ "file/default/security/nss&certpath;\"/>"
524
 
525
#~ msgid ""
526
#~ "Mozilla Aurora: <ulink url=\"&certhost;releases/mozilla-aurora/raw-"
527
#~ "file/default/security/nss&certpath;\"/>"
528
#~ msgstr ""
529
#~ "Mozilla Aurora&nbsp;: <ulink url=\"&certhost;releases/mozilla-aurora/raw-"
530
#~ "file/default/security/nss&certpath;\"/>"
531
 
532
#~ msgid "Installed Libraries"
533
#~ msgstr "Bibliothèques installées"
534
 
535
#~ msgid "None"
536
#~ msgstr "Aucune"
537
 
7630 jlepiller 538
#~ msgid "Recommended"
539
#~ msgstr "Recommandées"
540
 
7605 jlepiller 541
#~ msgid "1f0176c4fa89274971b2826a97f303f7"
542
#~ msgstr "1f0176c4fa89274971b2826a97f303f7"
543
 
7465 jlepiller 544
#~ msgid "4f180b9bf3b11f29d6a79e6022aeae23"
545
#~ msgstr "4f180b9bf3b11f29d6a79e6022aeae23"
7409 jlepiller 546
 
7465 jlepiller 547
#~ msgid ""
548
#~ "<userinput>sed -e 's%= /etc/ssl;%= \"/etc/ssl\";%' \\\n"
549
#~ "    -e 's%= /usr;%= \"/usr\";%'         \\\n"
550
#~ "    -i /usr/bin/c_rehash              &amp;&amp;\n"
551
#~ "/usr/sbin/make-ca -g</userinput>"
552
#~ msgstr ""
553
#~ "<userinput>sed -e 's%= /etc/ssl;%= \"/etc/ssl\";%' \\\n"
554
#~ "    -e 's%= /usr;%= \"/usr\";%'         \\\n"
555
#~ "    -i /usr/bin/c_rehash              &amp;&amp;\n"
556
#~ "/usr/sbin/make-ca -g</userinput>"
557
 
558
#~ msgid ""
559
#~ "The <command>sed</command> command works around missing quotes in "
560
#~ "<command>c_rehash</command> from openssl-1.1.0h and can be safely rerun (the"
561
#~ " \" inserted the first time will prevent matches on subsequent runs)."
562
#~ msgstr ""
563
#~ "La commande <command>sed</command> contourne le manque de guillemets dans "
564
#~ "<command>c_rehash</command> d'openssl-1.1.0h et peut être relancé sans "
565
#~ "problème (le \" inséré la première fois évitera une correspondance sur les "
566
#~ "lancements suivants)."
567
 
7355 jlepiller 568
#~ msgid "Certificate Authority Certificates"
569
#~ msgstr "Certificats d'autorité de certification"
570
 
571
#~ msgid "Certificate Authority Certificates Dependencies"
572
#~ msgstr "Dépendances de Certificate Authority Certificates"
573
 
574
#~ msgid "Installation of Certificate Authority Certificates"
575
#~ msgstr "Installation de Certificate Authority Certificates"
576
 
577
#~ msgid "851f9e267f343c54db8caa87ec5b3d75"
578
#~ msgstr "851f9e267f343c54db8caa87ec5b3d75"
579
 
580
#~ msgid "<xref linkend=\"openssl\"/>"
581
#~ msgstr "<xref linkend=\"openssl\"/>"
582
 
583
#~ msgid "32 KB"
584
#~ msgstr "32 Ko"
585
 
586
#~ msgid "25033ded9dd0979226b8f3fd2792bd3a"
587
#~ msgstr "25033ded9dd0979226b8f3fd2792bd3a"
588
 
589
#~ msgid "&sources-anduin-http;/other/certdata.txt"
590
#~ msgstr "&sources-anduin-http;/other/certdata.txt"
591
 
592
#~ msgid "1.6 MB"
593
#~ msgstr "1.6 Mo"
594
 
595
#~ msgid "24 KB"
596
#~ msgstr "24 Ko"
597
 
598
#~ msgid "a21a04d6ff5c4645c748220dbaa9f221"
599
#~ msgstr "a21a04d6ff5c4645c748220dbaa9f221"
600
 
601
#~ msgid "Additional Downloads"
602
#~ msgstr "Téléchargements supplémentaires"
603
 
604
#~ msgid "CA Certificates <ulink url=\"&ca-bundle-download;\"/>"
605
#~ msgstr "Certificats de CA <ulink url=\"&ca-bundle-download;\"/>"
606
 
607
#~ msgid ""
608
#~ "<userinput>install -vm755 make-ca.sh-&make-ca-version; /usr/sbin/make-"
609
#~ "ca.sh</userinput>"
610
#~ msgstr ""
611
#~ "<userinput>install -vm755 make-ca.sh-&make-ca-version; /usr/sbin/make-"
612
#~ "ca.sh</userinput>"
613
 
614
#~ msgid ""
615
#~ "You should periodically download a copy of <filename>certdata.txt</filename>"
616
#~ " and run the <application>make-ca.sh</application> script (as the "
617
#~ "<systemitem class=\"username\">root</systemitem> user), or as part of a "
618
#~ "monthly <application>cron</application> job to ensure that you have the "
619
#~ "latest available version of the certificates."
620
#~ msgstr ""
621
#~ "Vous devriez télécharger régulièrement une copie de "
622
#~ "<filename>certdata.txt</filename> et lancer le script <application>make-"
623
#~ "ca.sh</application> (en tant qu'utilisateur <systemitem "
624
#~ "class=\"username\">root</systemitem>), ou en tant que tâche "
625
#~ "<application>cron</application> mensuelle pour vous assurer d'avoir la "
626
#~ "dernière version disponible des certificats."
627
 
628
#~ msgid "make-ca.sh"
629
#~ msgstr "make-ca.sh"
630
 
631
#~ msgid "b42fd97c173ef67a37fb05ed7587e0a8"
632
#~ msgstr "b42fd97c173ef67a37fb05ed7587e0a8"
633
 
634
#~ msgid "11 KB"
635
#~ msgstr "11 Ko"
636
 
637
#~ msgid "cce9fa4713c4611d9e61f99de612a1e9"
638
#~ msgstr "cce9fa4713c4611d9e61f99de612a1e9"
639
 
640
#~ msgid "5e41c17a3dd6b8195c55092e87e92ef0"
641
#~ msgstr "5e41c17a3dd6b8195c55092e87e92ef0"
642
 
643
#~ msgid "fca9ae62242800a9dcaee5d400ee5c41"
644
#~ msgstr "fca9ae62242800a9dcaee5d400ee5c41"
645
 
646
#~ msgid "9e416981cd153d8923e06dc8e39ac534"
647
#~ msgstr "9e416981cd153d8923e06dc8e39ac534"
648
 
649
#~ msgid "65c6cbbb11e6d124b047f4aa0dcb2808"
650
#~ msgstr "65c6cbbb11e6d124b047f4aa0dcb2808"
651
 
652
#~ msgid "fbc5687ce7fd5533edbb4e616a1080de"
653
#~ msgstr "fbc5687ce7fd5533edbb4e616a1080de"
654
 
655
#~ msgid "487ca7ce6f7b81b3e46362138f93310c"
656
#~ msgstr "487ca7ce6f7b81b3e46362138f93310c"
657
 
658
#~ msgid "1.4 MB"
659
#~ msgstr "1.4 Mo"
660
 
661
#~ msgid "0.1 SBU"
662
#~ msgstr "0.1 SBU"
663
 
664
#~ msgid ""
665
#~ "The Public Key Infrastructure is used for many security features in a Linux "
666
#~ "system.  In order for a certificate to be trusted, it must be signed by a "
667
#~ "trusted agent called a Certificate Authority (CA). The certificates "
668
#~ "installed in this section are obtained from the Mozilla version control "
669
#~ "system, and reformatted for use by <xref linkend='openssl'/> and <xref "
670
#~ "linkend='gnutls'/>. The certificates can also be used by other applications,"
671
#~ " either directly or indirectly by linking to one of these packages."
672
#~ msgstr ""
673
#~ "La <foreignphrase>Public Key Infrastructure</foreignphrase> (infrastructure "
674
#~ "de clés publiques) est utilisée dans de nombreux cas de sécurité sur un "
675
#~ "système Linux. Pour qu'un certificat soit fiable, il doit être signé par un "
676
#~ "agent de confiance, qu'on appelle l'autorité de certification "
677
#~ "(<foreignphrase>Certificate Authority</foreignphrase>) (CA).  Les "
678
#~ "certificats chargés dans cette section sont issus de la liste du système de "
679
#~ "contrôle de Mozilla et elle est formatée dans une forme utilisée par <xref "
680
#~ "linkend=\"openssl\"/> et <xref linkend='gnutls'/>.  Les certificats peuvent "
681
#~ "également être utilisés par d'autres applications, directement ou "
682
#~ "indirectement via <application>openssl</application>."
683
 
684
#~ msgid ""
685
#~ "The <application>make-ca.sh</application> script will download a set of "
686
#~ "certificates from one of five projects (aurora, beta, central, nss, or "
687
#~ "release) in the Mozialla version control system. It defaults to the release "
688
#~ "branch, which is identical to the version that ships with the Mozilla "
689
#~ "products in this book. If you'd like to change the branch that is retrieved,"
690
#~ " edit the file and set <envar>CERTSOURCE</envar> to one of the five values "
691
#~ "above."
692
#~ msgstr ""
693
#~ "Le script <application>make-ca.sh</application> téléchargement un ensemble "
694
#~ "de certificats depuis l'un des cinq projets (aurora, beta, central, nss ou "
695
#~ "release) du système de contrôle de version de Mozilla. Il est réglé par "
696
#~ "défaut sur la branche release, qui est identique à la version qui vient avec"
697
#~ " les produits Mozilla de ce livre. Si vous préférez changer la branche qui "
698
#~ "est récupérée, modifiez le fichier et mettez <envar>CERTSOURCE</envar> à "
699
#~ "l'une des cinq valeurs ci-dessus."
700
 
701
#~ msgid ""
702
#~ "Additionally, any local certificates stored in "
703
#~ "<filename>/etc/ssl/local</filename> will be copied into both the single-file"
704
#~ " <filename>/etc/ssl/ca-bundle.crt</filename> (used by programs that link to "
705
#~ "<application>gnutls</application>), and into the certificate store directory"
706
#~ " <filename>/etc/ssl/certs</filename> (used by programs that link to "
707
#~ "<application>OpenSSL</application>). All certificates will pass a date and "
708
#~ "trust validation, and any existing certificates in <filename>/etc/ssl/ca-"
709
#~ "bundle.crt</filename> or <filename>/etc/ssl/certs</filename> will be removed"
710
#~ " upon successful completion of this script."
711
#~ msgstr ""
712
#~ "De plus, tout certificat local stocké dans "
713
#~ "<filename>/etc/ssl/local</filename> sera copié dans le fichier "
714
#~ "<filename>/etc/ssl/ca-bundle.crt</filename> (utilisé par les programmes qui "
715
#~ "se lient à <application>gnutls</application>) et dans le répertoire du "
716
#~ "magasin de certificats <filename>/etc/ssl/certs</filename> (utilisé par les "
717
#~ "programmes qui se lient à <application>OpenSSL</application>). Tous les "
718
#~ "certificats passeront un test de validation de leur date et de leur "
719
#~ "confiance, et tout certificat existant dans <filename>/etc/ssl/ca-"
720
#~ "bundle.crt</filename> ou <filename>/etc/ssl-certs</filename> sera supprimé à"
721
#~ " la fin de ce script si tout va bien."
722
 
723
#~ msgid ""
724
#~ "Finally, if you've installed <xref linkend=\"java\"/> or <xref "
725
#~ "linkend=\"openjdk\"/>, then it will also update the java cacerts file at "
726
#~ "<filename>/etc/ssl/java/cacerts</filename>."
727
#~ msgstr ""
728
#~ "Enfin, si vous avez installé <xref linkend=\"java\"/> ou <xref "
729
#~ "linkend=\"openjdk\"/>, il mettra aussi à jour le fichier cacerts de java "
730
#~ "dans <filename>/etc/ssl/java/cacerts</filename>."
731
 
732
#~ msgid ""
733
#~ "<userinput>install -vdm755 /etc/ssl/{certs,java,local} &amp;&amp;\n"
734
#~ "/usr/sbin/make-ca.sh\n"
735
#~ "</userinput>"
736
#~ msgstr ""
737
#~ "<userinput>install -vdm755 /etc/ssl/{certs,java,local} &amp;&amp;\n"
738
#~ "/usr/sbin/make-ca.sh\n"
739
#~ "</userinput>"
740
 
741
#~ msgid "/mozilla/source/security/nss/lib/ckfw/builtins"
742
#~ msgstr "/mozilla/source/security/nss/lib/ckfw/builtins"
743
 
744
#~ msgid "6 MB"
745
#~ msgstr "6 Mo"
746
 
747
#~ msgid ""
748
#~ "The certfile.txt file above is actually retrieved from <ulink "
749
#~ "url=\"https://hg.mozilla.org/releases/mozilla-"
750
#~ "release/file/default/security/nss/lib/ckfw/builtins/certdata.txt\"/>.  It is"
751
#~ " really an HTML file, but the text file can be retrieved indirectly from the"
752
#~ " HTML file.  The Download URL above automates that process and also adds a "
753
#~ "line where the date can be extracted as a revision number by the scripts "
754
#~ "below."
755
#~ msgstr ""
756
#~ "Le fichier certfile.txt dessous est en fait récupéré depuis <ulink "
757
#~ "url=\"https://hg.mozilla.org/releases/mozilla-"
758
#~ "release/file/default/security/nss/lib/ckfw/builtins/certdata.txt\"/>.  C'est"
759
#~ " en fait un fichier HTML, mais le fichier texte peut être pris indirectement"
760
#~ " depuis le fichier HTML. L'URL dessous automatise ce processus et ajoute "
761
#~ "aussi une ligne où la date peut être extraite en tant que numéro de révision"
762
#~ " par le script."
763
 
764
#~ msgid ""
765
#~ "<userinput>cat > /usr/bin/make-cert.pl &lt;&lt; \"EOF\"\n"
766
#~ "<literal>#!/usr/bin/perl -w\n"
767
#~ "\n"
768
#~ "# Used to generate PEM encoded files from Mozilla certdata.txt.\n"
769
#~ "# Run as ./make-cert.pl > certificate.crt\n"
770
#~ "#\n"
771
#~ "# Parts of this script courtesy of RedHat (mkcabundle.pl)\n"
772
#~ "#\n"
773
#~ "# This script modified for use with single file data (tempfile.cer) extracted\n"
774
#~ "# from certdata.txt, taken from the latest version in the Mozilla NSS source.\n"
775
#~ "# mozilla/security/nss/lib/ckfw/builtins/certdata.txt\n"
776
#~ "#\n"
777
#~ "# Authors: DJ Lucas\n"
778
#~ "#          Bruce Dubbs\n"
779
#~ "#\n"
780
#~ "# Version 20120211\n"
781
#~ "\n"
782
#~ "my $certdata = './tempfile.cer';\n"
783
#~ "\n"
784
#~ "open( IN, \"cat $certdata|\" )\n"
785
#~ "    || die \"could not open $certdata\";\n"
786
#~ "\n"
787
#~ "my $incert = 0;\n"
788
#~ "\n"
789
#~ "while ( &lt;IN&gt; )\n"
790
#~ "{\n"
791
#~ "    if ( /^CKA_VALUE MULTILINE_OCTAL/ )\n"
792
#~ "    {\n"
793
#~ "        $incert = 1;\n"
794
#~ "        open( OUT, \"|openssl x509 -text -inform DER -fingerprint\" )\n"
795
#~ "            || die \"could not pipe to openssl x509\";\n"
796
#~ "    }\n"
797
#~ "\n"
798
#~ "    elsif ( /^END/ &amp;&amp; $incert )\n"
799
#~ "    {\n"
800
#~ "        close( OUT );\n"
801
#~ "        $incert = 0;\n"
802
#~ "        print \"\\n\\n\";\n"
803
#~ "    }\n"
804
#~ "\n"
805
#~ "    elsif ($incert)\n"
806
#~ "    {\n"
807
#~ "        my @bs = split( /\\\\/ );\n"
808
#~ "        foreach my $b (@bs)\n"
809
#~ "        {\n"
810
#~ "            chomp $b;\n"
811
#~ "            printf( OUT \"%c\", oct($b) ) unless $b eq '';\n"
812
#~ "        }\n"
813
#~ "    }\n"
814
#~ "}</literal>\n"
815
#~ "EOF\n"
816
#~ "\n"
817
#~ "chmod +x /usr/bin/make-cert.pl</userinput>"
818
#~ msgstr ""
819
#~ "<userinput>cat > /usr/bin/make-cert.pl &lt;&lt; \"EOF\"\n"
820
#~ "<literal>#!/usr/bin/perl -w\n"
821
#~ "\n"
822
#~ "# Used to generate PEM encoded files from Mozilla certdata.txt.\n"
823
#~ "# Run as ./make-cert.pl > certificate.crt\n"
824
#~ "#\n"
825
#~ "# Parts of this script courtesy of RedHat (mkcabundle.pl)\n"
826
#~ "#\n"
827
#~ "# This script modified for use with single file data (tempfile.cer) extracted\n"
828
#~ "# from certdata.txt, taken from the latest version in the Mozilla NSS source.\n"
829
#~ "# mozilla/security/nss/lib/ckfw/builtins/certdata.txt\n"
830
#~ "#\n"
831
#~ "# Authors: DJ Lucas\n"
832
#~ "#          Bruce Dubbs\n"
833
#~ "#\n"
834
#~ "# Version 20120211\n"
835
#~ "\n"
836
#~ "my $certdata = './tempfile.cer';\n"
837
#~ "\n"
838
#~ "open( IN, \"cat $certdata|\" )\n"
839
#~ "    || die \"could not open $certdata\";\n"
840
#~ "\n"
841
#~ "my $incert = 0;\n"
842
#~ "\n"
843
#~ "while ( &lt;IN&gt; )\n"
844
#~ "{\n"
845
#~ "    if ( /^CKA_VALUE MULTILINE_OCTAL/ )\n"
846
#~ "    {\n"
847
#~ "        $incert = 1;\n"
848
#~ "        open( OUT, \"|openssl x509 -text -inform DER -fingerprint\" )\n"
849
#~ "            || die \"could not pipe to openssl x509\";\n"
850
#~ "    }\n"
851
#~ "\n"
852
#~ "    elsif ( /^END/ &amp;&amp; $incert )\n"
853
#~ "    {\n"
854
#~ "        close( OUT );\n"
855
#~ "        $incert = 0;\n"
856
#~ "        print \"\\n\\n\";\n"
857
#~ "    }\n"
858
#~ "\n"
859
#~ "    elsif ($incert)\n"
860
#~ "    {\n"
861
#~ "        my @bs = split( /\\\\/ );\n"
862
#~ "        foreach my $b (@bs)\n"
863
#~ "        {\n"
864
#~ "            chomp $b;\n"
865
#~ "            printf( OUT \"%c\", oct($b) ) unless $b eq '';\n"
866
#~ "        }\n"
867
#~ "    }\n"
868
#~ "}</literal>\n"
869
#~ "EOF\n"
870
#~ "\n"
871
#~ "chmod +x /usr/bin/make-cert.pl</userinput>"
872
 
873
#~ msgid ""
874
#~ "The following script creates the certificates and a bundle of all the "
875
#~ "certificates.  It creates a <filename class='directory'>./certs</filename> "
876
#~ "directory and <filename>./BLFS-ca-bundle-${VERSION}.crt</filename>.  Again "
877
#~ "create this script as the <systemitem class=\"username\">root</systemitem> "
878
#~ "user:"
879
#~ msgstr ""
880
#~ "Le script suivant crée les certificats et un bouquet de tous les "
881
#~ "certificats. Il crée un répertoire <filename "
882
#~ "class='directory'>./certs</filename> et <filename>./BLFS-ca-"
883
#~ "bundle-${VERSION}.crt</filename>.  Créez de nouveau ce script en tant "
884
#~ "qu'utilisateur <systemitem class=\"username\">root</systemitem>&nbsp;:"
885
 
886
#~ msgid ""
887
#~ "<userinput>cat > /usr/bin/make-ca.sh &lt;&lt; \"EOF\"\n"
888
#~ "<literal>#!/bin/sh\n"
889
#~ "# Begin make-ca.sh\n"
890
#~ "# Script to populate OpenSSL's CApath from a bundle of PEM formatted CAs\n"
891
#~ "#\n"
892
#~ "# The file certdata.txt must exist in the local directory\n"
893
#~ "# Version number is obtained from the version of the data.\n"
894
#~ "#\n"
895
#~ "# Authors: DJ Lucas\n"
896
#~ "#          Bruce Dubbs\n"
897
#~ "#\n"
898
#~ "# Version 20120211\n"
899
#~ "\n"
900
#~ "# Some data in the certs have UTF-8 characters\n"
901
#~ "export LANG=en_US.utf8\n"
902
#~ "\n"
903
#~ "certdata=\"certdata.txt\"\n"
904
#~ "\n"
905
#~ "if [ ! -r $certdata ]; then\n"
906
#~ "  echo \"$certdata must be in the local directory\"\n"
907
#~ "  exit 1\n"
908
#~ "fi\n"
909
#~ "\n"
910
#~ "REVISION=$(grep CVS_ID $certdata | cut -f4 -d'$')\n"
911
#~ "\n"
912
#~ "if [ -z \"${REVISION}\" ]; then\n"
913
#~ "  echo \"$certfile has no 'Revision' in CVS_ID\"\n"
914
#~ "  exit 1\n"
915
#~ "fi\n"
916
#~ "\n"
917
#~ "VERSION=$(echo $REVISION | cut -f2 -d\" \")\n"
918
#~ "\n"
919
#~ "TEMPDIR=$(mktemp -d)\n"
920
#~ "TRUSTATTRIBUTES=\"CKA_TRUST_SERVER_AUTH\"\n"
921
#~ "BUNDLE=\"BLFS-ca-bundle-${VERSION}.crt\"\n"
922
#~ "CONVERTSCRIPT=\"/usr/bin/make-cert.pl\"\n"
923
#~ "SSLDIR=\"/etc/ssl\"\n"
924
#~ "\n"
925
#~ "mkdir \"${TEMPDIR}/certs\"\n"
926
#~ "\n"
927
#~ "# Get a list of starting lines for each cert\n"
928
#~ "CERTBEGINLIST=$(grep -n \"^# Certificate\" \"${certdata}\" | cut -d \":\" -f1)\n"
929
#~ "\n"
930
#~ "# Get a list of ending lines for each cert\n"
931
#~ "CERTENDLIST=`grep -n \"^CKA_TRUST_STEP_UP_APPROVED\" \"${certdata}\" | cut -d \":\" -f 1`\n"
932
#~ "\n"
933
#~ "# Start a loop\n"
934
#~ "for certbegin in ${CERTBEGINLIST}; do\n"
935
#~ "  for certend in ${CERTENDLIST}; do\n"
936
#~ "    if test \"${certend}\" -gt \"${certbegin}\"; then\n"
937
#~ "      break\n"
938
#~ "    fi\n"
939
#~ "  done\n"
940
#~ "\n"
941
#~ "  # Dump to a temp file with the name of the file as the beginning line number\n"
942
#~ "  sed -n \"${certbegin},${certend}p\" \"${certdata}\" > \"${TEMPDIR}/certs/${certbegin}.tmp\"\n"
943
#~ "done\n"
944
#~ "\n"
945
#~ "unset CERTBEGINLIST CERTDATA CERTENDLIST certbegin certend\n"
946
#~ "\n"
947
#~ "mkdir -p certs\n"
948
#~ "rm -f certs/*      # Make sure the directory is clean\n"
949
#~ "\n"
950
#~ "for tempfile in ${TEMPDIR}/certs/*.tmp; do\n"
951
#~ "  # Make sure that the cert is trusted...\n"
952
#~ "  grep \"CKA_TRUST_SERVER_AUTH\" \"${tempfile}\" | \\\n"
953
#~ "    egrep \"TRUST_UNKNOWN|NOT_TRUSTED\" > /dev/null\n"
954
#~ "\n"
955
#~ "  if test \"${?}\" = \"0\"; then\n"
956
#~ "    # Throw a meaningful error and remove the file\n"
957
#~ "    cp \"${tempfile}\" tempfile.cer\n"
958
#~ "    perl ${CONVERTSCRIPT} > tempfile.crt\n"
959
#~ "    keyhash=$(openssl x509 -noout -in tempfile.crt -hash)\n"
960
#~ "    echo \"Certificate ${keyhash} is not trusted!  Removing...\"\n"
961
#~ "    rm -f tempfile.cer tempfile.crt \"${tempfile}\"\n"
962
#~ "    continue\n"
963
#~ "  fi\n"
964
#~ "\n"
965
#~ "  # If execution made it to here in the loop, the temp cert is trusted\n"
966
#~ "  # Find the cert data and generate a cert file for it\n"
967
#~ "\n"
968
#~ "  cp \"${tempfile}\" tempfile.cer\n"
969
#~ "  perl ${CONVERTSCRIPT} > tempfile.crt\n"
970
#~ "  keyhash=$(openssl x509 -noout -in tempfile.crt -hash)\n"
971
#~ "  mv tempfile.crt \"certs/${keyhash}.pem\"\n"
972
#~ "  rm -f tempfile.cer \"${tempfile}\"\n"
973
#~ "  echo \"Created ${keyhash}.pem\"\n"
974
#~ "done\n"
975
#~ "\n"
976
#~ "# Remove blacklisted files\n"
977
#~ "# MD5 Collision Proof of Concept CA\n"
978
#~ "if test -f certs/8f111d69.pem; then\n"
979
#~ "  echo \"Certificate 8f111d69 is not trusted!  Removing...\"\n"
980
#~ "  rm -f certs/8f111d69.pem\n"
981
#~ "fi\n"
982
#~ "\n"
983
#~ "# Finally, generate the bundle and clean up.\n"
984
#~ "cat certs/*.pem >  ${BUNDLE}\n"
985
#~ "rm -r \"${TEMPDIR}\"</literal>\n"
986
#~ "EOF\n"
987
#~ "\n"
988
#~ "chmod +x /usr/bin/make-ca.sh</userinput>"
989
#~ msgstr ""
990
#~ "<userinput>cat > /usr/bin/make-ca.sh &lt;&lt; \"EOF\"\n"
991
#~ "<literal>#!/bin/sh\n"
992
#~ "# Begin make-ca.sh\n"
993
#~ "# Script to populate OpenSSL's CApath from a bundle of PEM formatted CAs\n"
994
#~ "#\n"
995
#~ "# The file certdata.txt must exist in the local directory\n"
996
#~ "# Version number is obtained from the version of the data.\n"
997
#~ "#\n"
998
#~ "# Authors: DJ Lucas\n"
999
#~ "#          Bruce Dubbs\n"
1000
#~ "#\n"
1001
#~ "# Version 20120211\n"
1002
#~ "\n"
1003
#~ "# Some data in the certs have UTF-8 characters\n"
1004
#~ "export LANG=en_US.utf8\n"
1005
#~ "\n"
1006
#~ "certdata=\"certdata.txt\"\n"
1007
#~ "\n"
1008
#~ "if [ ! -r $certdata ]; then\n"
1009
#~ "  echo \"$certdata must be in the local directory\"\n"
1010
#~ "  exit 1\n"
1011
#~ "fi\n"
1012
#~ "\n"
1013
#~ "REVISION=$(grep CVS_ID $certdata | cut -f4 -d'$')\n"
1014
#~ "\n"
1015
#~ "if [ -z \"${REVISION}\" ]; then\n"
1016
#~ "  echo \"$certfile has no 'Revision' in CVS_ID\"\n"
1017
#~ "  exit 1\n"
1018
#~ "fi\n"
1019
#~ "\n"
1020
#~ "VERSION=$(echo $REVISION | cut -f2 -d\" \")\n"
1021
#~ "\n"
1022
#~ "TEMPDIR=$(mktemp -d)\n"
1023
#~ "TRUSTATTRIBUTES=\"CKA_TRUST_SERVER_AUTH\"\n"
1024
#~ "BUNDLE=\"BLFS-ca-bundle-${VERSION}.crt\"\n"
1025
#~ "CONVERTSCRIPT=\"/usr/bin/make-cert.pl\"\n"
1026
#~ "SSLDIR=\"/etc/ssl\"\n"
1027
#~ "\n"
1028
#~ "mkdir \"${TEMPDIR}/certs\"\n"
1029
#~ "\n"
1030
#~ "# Get a list of starting lines for each cert\n"
1031
#~ "CERTBEGINLIST=$(grep -n \"^# Certificate\" \"${certdata}\" | cut -d \":\" -f1)\n"
1032
#~ "\n"
1033
#~ "# Get a list of ending lines for each cert\n"
1034
#~ "CERTENDLIST=`grep -n \"^CKA_TRUST_STEP_UP_APPROVED\" \"${certdata}\" | cut -d \":\" -f 1`\n"
1035
#~ "\n"
1036
#~ "# Start a loop\n"
1037
#~ "for certbegin in ${CERTBEGINLIST}; do\n"
1038
#~ "  for certend in ${CERTENDLIST}; do\n"
1039
#~ "    if test \"${certend}\" -gt \"${certbegin}\"; then\n"
1040
#~ "      break\n"
1041
#~ "    fi\n"
1042
#~ "  done\n"
1043
#~ "\n"
1044
#~ "  # Dump to a temp file with the name of the file as the beginning line number\n"
1045
#~ "  sed -n \"${certbegin},${certend}p\" \"${certdata}\" > \"${TEMPDIR}/certs/${certbegin}.tmp\"\n"
1046
#~ "done\n"
1047
#~ "\n"
1048
#~ "unset CERTBEGINLIST CERTDATA CERTENDLIST certbegin certend\n"
1049
#~ "\n"
1050
#~ "mkdir -p certs\n"
1051
#~ "rm -f certs/*      # Make sure the directory is clean\n"
1052
#~ "\n"
1053
#~ "for tempfile in ${TEMPDIR}/certs/*.tmp; do\n"
1054
#~ "  # Make sure that the cert is trusted...\n"
1055
#~ "  grep \"CKA_TRUST_SERVER_AUTH\" \"${tempfile}\" | \\\n"
1056
#~ "    egrep \"TRUST_UNKNOWN|NOT_TRUSTED\" > /dev/null\n"
1057
#~ "\n"
1058
#~ "  if test \"${?}\" = \"0\"; then\n"
1059
#~ "    # Throw a meaningful error and remove the file\n"
1060
#~ "    cp \"${tempfile}\" tempfile.cer\n"
1061
#~ "    perl ${CONVERTSCRIPT} > tempfile.crt\n"
1062
#~ "    keyhash=$(openssl x509 -noout -in tempfile.crt -hash)\n"
1063
#~ "    echo \"Certificate ${keyhash} is not trusted!  Removing...\"\n"
1064
#~ "    rm -f tempfile.cer tempfile.crt \"${tempfile}\"\n"
1065
#~ "    continue\n"
1066
#~ "  fi\n"
1067
#~ "\n"
1068
#~ "  # If execution made it to here in the loop, the temp cert is trusted\n"
1069
#~ "  # Find the cert data and generate a cert file for it\n"
1070
#~ "\n"
1071
#~ "  cp \"${tempfile}\" tempfile.cer\n"
1072
#~ "  perl ${CONVERTSCRIPT} > tempfile.crt\n"
1073
#~ "  keyhash=$(openssl x509 -noout -in tempfile.crt -hash)\n"
1074
#~ "  mv tempfile.crt \"certs/${keyhash}.pem\"\n"
1075
#~ "  rm -f tempfile.cer \"${tempfile}\"\n"
1076
#~ "  echo \"Created ${keyhash}.pem\"\n"
1077
#~ "done\n"
1078
#~ "\n"
1079
#~ "# Remove blacklisted files\n"
1080
#~ "# MD5 Collision Proof of Concept CA\n"
1081
#~ "if test -f certs/8f111d69.pem; then\n"
1082
#~ "  echo \"Certificate 8f111d69 is not trusted!  Removing...\"\n"
1083
#~ "  rm -f certs/8f111d69.pem\n"
1084
#~ "fi\n"
1085
#~ "\n"
1086
#~ "# Finally, generate the bundle and clean up.\n"
1087
#~ "cat certs/*.pem >  ${BUNDLE}\n"
1088
#~ "rm -r \"${TEMPDIR}\"</literal>\n"
1089
#~ "EOF\n"
1090
#~ "\n"
1091
#~ "chmod +x /usr/bin/make-ca.sh</userinput>"
1092
 
1093
#~ msgid ""
1094
#~ "Add a short script to remove expired certificates from a directory.  Again "
1095
#~ "create this script as the <systemitem class=\"username\">root</systemitem> "
1096
#~ "user:"
1097
#~ msgstr ""
1098
#~ "Ajoutez un script bref pour supprimer les certificats expirés d'un "
1099
#~ "répertoire. Créez de nouveau ce script en tant qu'utilisateur <systemitem "
1100
#~ "class=\"username\">root</systemitem>&nbsp;:"
1101
 
1102
#~ msgid ""
1103
#~ "<userinput>cat > /usr/sbin/remove-expired-certs.sh &lt;&lt; \"EOF\"\n"
1104
#~ "<literal>#!/bin/sh\n"
1105
#~ "# Begin /usr/sbin/remove-expired-certs.sh\n"
1106
#~ "#\n"
1107
#~ "# Version 20120211\n"
1108
#~ "\n"
1109
#~ "# Make sure the date is parsed correctly on all systems\n"
1110
#~ "mydate()\n"
1111
#~ "{\n"
1112
#~ "  local y=$( echo $1 | cut -d\" \" -f4 )\n"
1113
#~ "  local M=$( echo $1 | cut -d\" \" -f1 )\n"
1114
#~ "  local d=$( echo $1 | cut -d\" \" -f2 )\n"
1115
#~ "  local m\n"
1116
#~ "\n"
1117
#~ "  if [ ${d} -lt 10 ]; then d=\"0${d}\"; fi\n"
1118
#~ "\n"
1119
#~ "  case $M in\n"
1120
#~ "    Jan) m=\"01\";;\n"
1121
#~ "    Feb) m=\"02\";;\n"
1122
#~ "    Mar) m=\"03\";;\n"
1123
#~ "    Apr) m=\"04\";;\n"
1124
#~ "    May) m=\"05\";;\n"
1125
#~ "    Jun) m=\"06\";;\n"
1126
#~ "    Jul) m=\"07\";;\n"
1127
#~ "    Aug) m=\"08\";;\n"
1128
#~ "    Sep) m=\"09\";;\n"
1129
#~ "    Oct) m=\"10\";;\n"
1130
#~ "    Nov) m=\"11\";;\n"
1131
#~ "    Dec) m=\"12\";;\n"
1132
#~ "  esac\n"
1133
#~ "\n"
1134
#~ "  certdate=\"${y}${m}${d}\"\n"
1135
#~ "}\n"
1136
#~ "\n"
1137
#~ "OPENSSL=/usr/bin/openssl\n"
1138
#~ "DIR=/etc/ssl/certs\n"
1139
#~ "\n"
1140
#~ "if [ $# -gt 0 ]; then\n"
1141
#~ "  DIR=\"$1\"\n"
1142
#~ "fi\n"
1143
#~ "\n"
1144
#~ "certs=$( find ${DIR} -type f -name \"*.pem\" -o -name \"*.crt\" )\n"
1145
#~ "today=$( date +%Y%m%d )\n"
1146
#~ "\n"
1147
#~ "for cert in $certs; do\n"
1148
#~ "  notafter=$( $OPENSSL x509 -enddate -in \"${cert}\" -noout )\n"
1149
#~ "  date=$( echo ${notafter} |  sed 's/^notAfter=//' )\n"
1150
#~ "  mydate \"$date\"\n"
1151
#~ "\n"
1152
#~ "  if [ ${certdate} -lt ${today} ]; then\n"
1153
#~ "     echo \"${cert} expired on ${certdate}! Removing...\"\n"
1154
#~ "     rm -f \"${cert}\"\n"
1155
#~ "  fi\n"
1156
#~ "done</literal>\n"
1157
#~ "EOF\n"
1158
#~ "\n"
1159
#~ "chmod u+x /usr/sbin/remove-expired-certs.sh</userinput>"
1160
#~ msgstr ""
1161
#~ "<userinput>cat > /usr/sbin/remove-expired-certs.sh &lt;&lt; \"EOF\"\n"
1162
#~ "<literal>#!/bin/sh\n"
1163
#~ "# Begin /usr/sbin/remove-expired-certs.sh\n"
1164
#~ "#\n"
1165
#~ "# Version 20120211\n"
1166
#~ "\n"
1167
#~ "# Make sure the date is parsed correctly on all systems\n"
1168
#~ "mydate()\n"
1169
#~ "{\n"
1170
#~ "  local y=$( echo $1 | cut -d\" \" -f4 )\n"
1171
#~ "  local M=$( echo $1 | cut -d\" \" -f1 )\n"
1172
#~ "  local d=$( echo $1 | cut -d\" \" -f2 )\n"
1173
#~ "  local m\n"
1174
#~ "\n"
1175
#~ "  if [ ${d} -lt 10 ]; then d=\"0${d}\"; fi\n"
1176
#~ "\n"
1177
#~ "  case $M in\n"
1178
#~ "    Jan) m=\"01\";;\n"
1179
#~ "    Feb) m=\"02\";;\n"
1180
#~ "    Mar) m=\"03\";;\n"
1181
#~ "    Apr) m=\"04\";;\n"
1182
#~ "    May) m=\"05\";;\n"
1183
#~ "    Jun) m=\"06\";;\n"
1184
#~ "    Jul) m=\"07\";;\n"
1185
#~ "    Aug) m=\"08\";;\n"
1186
#~ "    Sep) m=\"09\";;\n"
1187
#~ "    Oct) m=\"10\";;\n"
1188
#~ "    Nov) m=\"11\";;\n"
1189
#~ "    Dec) m=\"12\";;\n"
1190
#~ "  esac\n"
1191
#~ "\n"
1192
#~ "  certdate=\"${y}${m}${d}\"\n"
1193
#~ "}\n"
1194
#~ "\n"
1195
#~ "OPENSSL=/usr/bin/openssl\n"
1196
#~ "DIR=/etc/ssl/certs\n"
1197
#~ "\n"
1198
#~ "if [ $# -gt 0 ]; then\n"
1199
#~ "  DIR=\"$1\"\n"
1200
#~ "fi\n"
1201
#~ "\n"
1202
#~ "certs=$( find ${DIR} -type f -name \"*.pem\" -o -name \"*.crt\" )\n"
1203
#~ "today=$( date +%Y%m%d )\n"
1204
#~ "\n"
1205
#~ "for cert in $certs; do\n"
1206
#~ "  notafter=$( $OPENSSL x509 -enddate -in \"${cert}\" -noout )\n"
1207
#~ "  date=$( echo ${notafter} |  sed 's/^notAfter=//' )\n"
1208
#~ "  mydate \"$date\"\n"
1209
#~ "\n"
1210
#~ "  if [ ${certdate} -lt ${today} ]; then\n"
1211
#~ "     echo \"${cert} expired on ${certdate}! Removing...\"\n"
1212
#~ "     rm -f \"${cert}\"\n"
1213
#~ "  fi\n"
1214
#~ "done</literal>\n"
1215
#~ "EOF\n"
1216
#~ "\n"
1217
#~ "chmod u+x /usr/sbin/remove-expired-certs.sh</userinput>"
1218
 
1219
#~ msgid ""
1220
#~ "The following commands will fetch the certificates and convert them to the "
1221
#~ "correct format.  If desired, a web browser may be used instead of "
1222
#~ "<application>wget</application> but the file will need to be saved with the "
1223
#~ "name <filename>certdata.txt</filename>.  These commands can be repeated as "
1224
#~ "necessary to update the CA Certificates."
1225
#~ msgstr ""
1226
#~ "Les commandes suivantes récupéreront les certificats et les convertiront "
1227
#~ "dans le bon format.  Si vous le désirez, vous pouvez utiliser un navigateur "
1228
#~ "Internet plutôt que <application>wget</application> mais le fichier devra "
1229
#~ "être enregistré sous le nom <filename>certdata.txt</filename>.  Ces "
1230
#~ "commandes peuvent être répétées autant de fois que nécessaire pour mettre à "
1231
#~ "jour les Certificats CA."
1232
 
1233
#~ msgid ""
1234
#~ "<userinput>URL=&sources-anduin-http;/other/certdata.txt &amp;&amp;\n"
1235
#~ "rm -f certdata.txt &amp;&amp;\n"
1236
#~ "wget $URL          &amp;&amp;\n"
1237
#~ "make-ca.sh         &amp;&amp;\n"
1238
#~ "unset URL</userinput>"
1239
#~ msgstr ""
1240
#~ "<userinput>URL=&sources-anduin-http;/other/certdata.txt &amp;&amp;\n"
1241
#~ "rm -f certdata.txt &amp;&amp;\n"
1242
#~ "wget $URL          &amp;&amp;\n"
1243
#~ "make-ca.sh         &amp;&amp;\n"
1244
#~ "unset URL</userinput>"
1245
 
1246
#~ msgid ""
1247
#~ "<userinput>SSLDIR=/etc/ssl                                              &amp;&amp;\n"
1248
#~ "remove-expired-certs.sh certs                                &amp;&amp;\n"
1249
#~ "install -d ${SSLDIR}/certs                                   &amp;&amp;\n"
1250
#~ "cp -v certs/*.pem ${SSLDIR}/certs                            &amp;&amp;\n"
1251
#~ "c_rehash                                                     &amp;&amp;\n"
1252
#~ "install BLFS-ca-bundle*.crt ${SSLDIR}/ca-bundle.crt          &amp;&amp;\n"
1253
#~ "ln -sfv ../ca-bundle.crt ${SSLDIR}/certs/ca-certificates.crt &amp;&amp;\n"
1254
#~ "unset SSLDIR</userinput>"
1255
#~ msgstr ""
1256
#~ "<userinput>SSLDIR=/etc/ssl                                              &amp;&amp;\n"
1257
#~ "remove-expired-certs.sh certs                                &amp;&amp;\n"
1258
#~ "install -d ${SSLDIR}/certs                                   &amp;&amp;\n"
1259
#~ "cp -v certs/*.pem ${SSLDIR}/certs                            &amp;&amp;\n"
1260
#~ "c_rehash                                                     &amp;&amp;\n"
1261
#~ "install BLFS-ca-bundle*.crt ${SSLDIR}/ca-bundle.crt          &amp;&amp;\n"
1262
#~ "ln -sfv ../ca-bundle.crt ${SSLDIR}/certs/ca-certificates.crt &amp;&amp;\n"
1263
#~ "unset SSLDIR</userinput>"
1264
 
1265
#~ msgid "Finally, clean up the current directory:"
1266
#~ msgstr "Enfin, nettoyez le répertoire courant&nbsp;:"
1267
 
1268
#~ msgid "<userinput>rm -r certs BLFS-ca-bundle*</userinput>"
1269
#~ msgstr "<userinput>rm -r certs BLFS-ca-bundle*</userinput>"
1270
 
1271
#~ msgid ""
1272
#~ "After installing or updating certificates, if OpenJDK is installed, update "
1273
#~ "the certificates for Java using the procedures at <xref linkend='ojdk-"
1274
#~ "certs'/>."
1275
#~ msgstr ""
1276
#~ "Après l'installation ou la mise à jour des certificats, si OpenJDK est "
1277
#~ "installé, mettez à jour les certificats pour Java en utilisant la procédure "
1278
#~ "dans <xref linkend=\"ojdk-certs\"/>."
1279
 
1280
#~ msgid "make-ca.sh, make-cert.pl and remove-expired-certs.sh"
1281
#~ msgstr "make-ca.sh, make-cert.pl et remove-expired-certs.sh"
1282
 
1283
#~ msgid "<command>make-cert.pl</command>"
1284
#~ msgstr "<command>make-cert.pl</command>"
1285
 
1286
#~ msgid ""
1287
#~ "is a utility <application>perl</application> script that converts a single "
1288
#~ "binary certificate (.der format) into .pem format."
1289
#~ msgstr ""
1290
#~ "est un script <application>perl</application> qui convertit un certificat "
1291
#~ "binaire unique (format .der) au format .pem."
1292
 
1293
#~ msgid "make-cert"
1294
#~ msgstr "make-cert"
1295
 
1296
#~ msgid "<command>remove-expired-certs.sh</command>"
1297
#~ msgstr "<command>remove-expired-certs.sh</command>"
1298
 
1299
#~ msgid ""
1300
#~ "is a utility shell script that removes expired certificates from a "
1301
#~ "directory.  The default directory is <filename "
1302
#~ "class='directory'>/etc/ssl/certs</filename>."
1303
#~ msgstr ""
1304
#~ "est un script shell qui supprime les certificats expirés d'un répertoire. Le"
1305
#~ " répertoire par défaut est <filename "
1306
#~ "class='directory'>/etc/ssl/certs</filename>."
1307
 
1308
#~ msgid "remove-expired-certs"
1309
#~ msgstr "remove-expired-certs"