Subversion Repositories svn LFS-FR

Rev

Rev 7802 | Rev 7817 | Go to most recent revision | Details | Compare with Previous | Last modification | View Log | RSS feed

Rev Author Line No. Line
7355 jlepiller 1
# SOME DESCRIPTIVE TITLE
2
# Copyright (C) YEAR Free Software Foundation, Inc.
3
# This file is distributed under the same license as the PACKAGE package.
4
# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
5
#
6
msgid ""
7
msgstr ""
8
"Project-Id-Version: PACKAGE VERSION\n"
7808 jlepiller 9
"POT-Creation-Date: 2019-02-28 20:10+0000\n"
7802 jlepiller 10
"PO-Revision-Date: 2019-02-25 14:52+0000\n"
7355 jlepiller 11
"Last-Translator: roptat <roptat@lepiller.eu>\n"
12
"Language-Team: LANGUAGE <LL@li.org>\n"
13
"Language: fr\n"
14
"MIME-Version: 1.0\n"
15
"Content-Type: text/plain; charset=UTF-8\n"
16
"Content-Transfer-Encoding: 8bit\n"
17
"Plural-Forms: nplurals=2; plural=(n > 1);\n"
18
"X-Generator: Pootle 2.8\n"
7802 jlepiller 19
"X-POOTLE-MTIME: 1551106350.442992\n"
7355 jlepiller 20
 
21
#. type: Content of the certhost entity
22
#: blfs-en/postlfs/security/make-ca.xml:7
23
msgid "https://hg.mozilla.org/"
24
msgstr "https://hg.mozilla.org/"
25
 
26
#. type: Content of the certpath entity
27
#: blfs-en/postlfs/security/make-ca.xml:8
28
msgid "/lib/ckfw/builtins/certdata.txt"
29
msgstr "/lib/ckfw/builtins/certdata.txt"
30
 
31
#. type: Content of the make-ca-buildsize entity
32
#: blfs-en/postlfs/security/make-ca.xml:9
33
msgid "6.6 MB (with all runtime deps)"
34
msgstr "6.6 Mo (avec toutes les dépendances à l'exécution)"
35
 
36
#. type: Content of the make-ca-time entity
37
#: blfs-en/postlfs/security/make-ca.xml:10
7605 jlepiller 38
msgid "0.1 SBU (with all runtime deps)"
39
msgstr "0.1 SBU (avec toutes les dépendances à l'exécution)"
7355 jlepiller 40
 
41
#. type: Content of the make-ca-download entity
42
#: blfs-en/postlfs/security/make-ca.xml:12
43
msgid ""
7687 jlepiller 44
"https://github.com/djlucas/make-ca/releases/download/v&make-ca-"
45
"version;/make-ca-&make-ca-version;.tar.xz"
7355 jlepiller 46
msgstr ""
7687 jlepiller 47
"https://github.com/djlucas/make-ca/releases/download/v&make-ca-"
48
"version;/make-ca-&make-ca-version;.tar.xz"
7355 jlepiller 49
 
50
#. type: Content of the make-ca-size entity
51
#: blfs-en/postlfs/security/make-ca.xml:13
7687 jlepiller 52
msgid "28 KB"
53
msgstr "28 Ko"
7355 jlepiller 54
 
55
#. type: Content of the make-ca-md5sum entity
56
#: blfs-en/postlfs/security/make-ca.xml:14
7724 jlepiller 57
msgid "5b68cf77b02d5681f8419b8acfd139c0"
58
msgstr "5b68cf77b02d5681f8419b8acfd139c0"
7355 jlepiller 59
 
60
#. type: Content of: <sect1><sect1info>
61
#: blfs-en/postlfs/security/make-ca.xml:21
62
msgid ""
7800 jlepiller 63
"<othername>$LastChangedBy: dj $</othername> <date>$Date: 2019-02-24 05:09:58"
64
" +0000 (Sun, 24 Feb 2019) $</date>"
7355 jlepiller 65
msgstr ""
7800 jlepiller 66
"<othername>$LastChangedBy: dj $</othername> <date>$Date: 2019-02-24 05:09:58"
67
" +0000 (Sun, 24 Feb 2019) $</date>"
7355 jlepiller 68
 
7360 jlepiller 69
#. type: Content of: <sect1><title>
70
#: blfs-en/postlfs/security/make-ca.xml:25
71
msgid "make-ca-&make-ca-version;"
72
msgstr "make-ca-&make-ca-version;"
73
 
7355 jlepiller 74
#. type: Content of:
75
#. <sect1><sect2><variablelist><varlistentry><listitem><indexterm><primary>
7360 jlepiller 76
#: blfs-en/postlfs/security/make-ca.xml:27
7800 jlepiller 77
#: blfs-en/postlfs/security/make-ca.xml:258
78
#: blfs-en/postlfs/security/make-ca.xml:276
7355 jlepiller 79
msgid "make-ca"
80
msgstr "make-ca"
81
 
7360 jlepiller 82
#. type: Content of: <sect1><sect2><title>
83
#: blfs-en/postlfs/security/make-ca.xml:31
84
msgid "Introduction to make-ca"
85
msgstr "Introduction à make-ca"
86
 
87
#. type: Content of: <sect1><sect2><para>
88
#: blfs-en/postlfs/security/make-ca.xml:34
7355 jlepiller 89
msgid ""
90
"Public Key Infrastructure (PKI) is a method to validate the authenticity of "
91
"an otherwise unknown entity across untrusted networks. PKI works by "
92
"establishing a chain of trust, rather than trusting each individual host or "
93
"entity explicitly. In order for a certificate presented by a remote entity "
94
"to be trusted, that certificate must present a complete chain of "
95
"certificates that can be validated using the root certificate of a "
96
"Certificate Authority (CA) that is trusted by the local machine."
97
msgstr ""
98
"Une Infrastructure à Clés Publiques (PKI) est une méthode pour valider "
99
"l'authenticité d'une entité autrement inconnue au travers de réseaux qui ne "
100
"sont pas de confiance. La PKI fonctionne en établissant une chaîne de "
101
"confiance, plutôt que de faire confiance individuellement à chaque hôte ou "
102
"entité de manière explicite. Pour qu'un certificat présenté par une entité "
103
"distante soit reconnu, le certificat doit présenter une chaîne complète de "
104
"certificats qui peuvent être validé en utilisant le certificat racine d'une "
105
"autorité de certification (CA) en laquelle la machine locale a confiance."
106
 
7360 jlepiller 107
#. type: Content of: <sect1><sect2><para>
108
#: blfs-en/postlfs/security/make-ca.xml:44
7355 jlepiller 109
msgid ""
110
"Establishing trust with a CA involves validating things like company "
111
"address, ownership, contact information, etc., and ensuring that the CA has "
112
"followed best practices, such as undergoing periodic security audits by "
113
"independent investigators and maintaining an always available certificate "
114
"revocation list. This is well outside the scope of BLFS (as it is for most "
115
"Linux distributions). The certificate store provided here is taken from the "
116
"Mozilla Foundation, who have established very strict inclusion policies "
117
"described <ulink url=\"https://www.mozilla.org/en-"
118
"US/about/governance/policies/security-group/certs/\">here</ulink>."
119
msgstr ""
120
"L'établissement de la confiance avec une CA nécessite de valider des choses "
121
"comme l'adresse de la compagnie, la propriété, les informations de contact, "
122
"etc, et de s'assurer que la CA a suivi les bonnes pratiques, comme des "
123
"audits de sécurité périodiques par des enquêteurs indépendants et le "
124
"maintient d'une liste de révocation de certificats toujours disponible. Ceci"
125
" est bien au delà de la portée de BLFS (comme pour la plupart des "
126
"distributions Linux). Le magasin de certificats fournit ici est emprunté à "
127
"la fondation Mozilla, qui ont établit une politique d'inclusion très stricte"
128
" décrite <ulink url=\"https://www.mozilla.org/en-"
129
"US/about/governance/policies/security-group/certs/\">ici</ulink>."
130
 
131
#. type: Content of: <sect1><sect2><bridgehead>
7360 jlepiller 132
#: blfs-en/postlfs/security/make-ca.xml:57
7355 jlepiller 133
msgid "Package Information"
134
msgstr "Informations sur le paquet"
135
 
136
#. type: Content of: <sect1><sect2><itemizedlist><listitem><para>
7360 jlepiller 137
#: blfs-en/postlfs/security/make-ca.xml:60
7355 jlepiller 138
msgid "Download (HTTP): <ulink url=\"&make-ca-download;\"/>"
139
msgstr "Téléchargement (HTTP)&nbsp;: <ulink url=\"&make-ca-download;\"/>"
140
 
141
#. type: Content of: <sect1><sect2><itemizedlist><listitem><para>
7360 jlepiller 142
#: blfs-en/postlfs/security/make-ca.xml:63
7355 jlepiller 143
msgid "Download size: &make-ca-size;"
144
msgstr "Taille du téléchargement&nbsp;: &make-ca-size;"
145
 
146
#. type: Content of: <sect1><sect2><itemizedlist><listitem><para>
7360 jlepiller 147
#: blfs-en/postlfs/security/make-ca.xml:66
7355 jlepiller 148
msgid "Download MD5 Sum: &make-ca-md5sum;"
149
msgstr "Somme MD5 du téléchargement&nbsp;: &make-ca-md5sum;"
150
 
151
#. type: Content of: <sect1><sect2><itemizedlist><listitem><para>
7360 jlepiller 152
#: blfs-en/postlfs/security/make-ca.xml:69
7355 jlepiller 153
msgid "Estimated disk space required: &make-ca-buildsize;"
154
msgstr "Estimation de l'espace disque requis&nbsp;: &make-ca-buildsize;"
155
 
156
#. type: Content of: <sect1><sect2><itemizedlist><listitem><para>
7360 jlepiller 157
#: blfs-en/postlfs/security/make-ca.xml:72
7355 jlepiller 158
msgid "Estimated build time: &make-ca-time;"
159
msgstr "Estimation du temps de construction&nbsp;: &make-ca-time;"
160
 
161
#. type: Content of: <sect1><sect2><bridgehead>
7360 jlepiller 162
#: blfs-en/postlfs/security/make-ca.xml:76
7355 jlepiller 163
msgid "make-ca Dependencies"
164
msgstr "Dépendances de make-ca"
165
 
166
#. type: Content of: <sect1><sect2><bridgehead>
7605 jlepiller 167
#: blfs-en/postlfs/security/make-ca.xml:78
7630 jlepiller 168
msgid "Required"
169
msgstr "Requises"
7605 jlepiller 170
 
171
#. type: Content of: <sect1><sect2><para>
172
#: blfs-en/postlfs/security/make-ca.xml:79
173
msgid ""
174
"<xref linkend=\"p11-kit\"/> (required at runtime to generate certificate "
175
"stores from trust anchors)"
176
msgstr ""
177
"<xref linkend=\"p11-kit\"/> (requis à l'exécution pour générer des banques "
178
"de certificats à partir d'ancres de confiance)"
179
 
180
#. type: Content of: <sect1><sect2><bridgehead>
7630 jlepiller 181
#: blfs-en/postlfs/security/make-ca.xml:83
7355 jlepiller 182
msgid "Optional (runtime)"
183
msgstr "Facultatives (exécution)"
184
 
185
#. type: Content of: <sect1><sect2><para>
7630 jlepiller 186
#: blfs-en/postlfs/security/make-ca.xml:85
7355 jlepiller 187
msgid ""
188
"<xref role=\"runtime\" linkend=\"java\"/> or <xref role=\"runtime\" "
7605 jlepiller 189
"linkend=\"openjdk\"/> (to generate a java PKCS#12 store), and <xref "
190
"role=\"runtime\" linkend=\"nss\"/> (to generate a shared NSSDB)"
7355 jlepiller 191
msgstr ""
192
"<xref role=\"runtime\" linkend=\"java\"/> ou <xref role=\"runtime\" "
7605 jlepiller 193
"linkend=\"openjdk\"/> (pour générer une banque PKCS#12 java) et <xref "
194
"role=\"runtime\" linkend=\"nss\"/> (pour générer un NSSDB partagé)"
7355 jlepiller 195
 
196
#. type: Content of: <sect1><sect2><para>
7630 jlepiller 197
#: blfs-en/postlfs/security/make-ca.xml:91
7355 jlepiller 198
msgid "User Notes: <ulink url='&blfs-wiki;/make-ca'/>"
199
msgstr "Notes utilisateur&nbsp;: <ulink url='&blfs-wiki;/make-ca'/>"
200
 
201
#. type: Content of: <sect1><sect2><title>
7630 jlepiller 202
#: blfs-en/postlfs/security/make-ca.xml:96
7355 jlepiller 203
msgid "Installation of make-ca"
204
msgstr "Installation de make-ca"
205
 
206
#. type: Content of: <sect1><sect2><para>
7630 jlepiller 207
#: blfs-en/postlfs/security/make-ca.xml:98
7355 jlepiller 208
msgid ""
209
"The <application>make-ca</application> script will download and process the "
210
"certificates included in the <filename>certdata.txt</filename> file for use "
7605 jlepiller 211
"as trust anchors for the <xref linkend=\"p11-kit\"/> trust module. "
212
"Additionally, it will generate system certificate stores used by BLFS "
213
"applications (if the recommended and optional applications are present on "
214
"the system). Any local certificates stored in "
215
"<filename>/etc/ssl/local</filename> will be imported to both the trust "
7800 jlepiller 216
"anchors and the generated certificate stores (overriding Mozilla's trust)."
7355 jlepiller 217
msgstr ""
7605 jlepiller 218
"Le script <application>make-ca</application> téléchargera et adaptera les "
219
"certificats inclus dans le fichier <filename>certdata.txt</filename> pour "
220
"l'utiliser comme ancre de confiance dans le module de confiance de <xref "
221
"linkend=\"p11-kit\"/>. En plus, il générera les banques de certificats du "
222
"système utilisées par les application de BLFS (si les applications "
223
"recommandées et facultatives sont présentes sur le système). Tout certificat"
224
" local stocké dans <filename>/etc/ssl/local</filename> sera importé dans les"
225
" ancres de confiance et dans les banques de certificats générées (en "
7802 jlepiller 226
"remplaçant la confiance de Mozilla)."
7355 jlepiller 227
 
228
#. type: Content of: <sect1><sect2><para>
7800 jlepiller 229
#: blfs-en/postlfs/security/make-ca.xml:108
7355 jlepiller 230
msgid ""
231
"To install the various certificate stores, first install the "
232
"<application>make-ca</application> script into the correct location.  As the"
233
" <systemitem class=\"username\">root</systemitem> user:"
234
msgstr ""
235
"Pour installer les divers magasins de certificats, installez le script "
236
"<application>make-ca</application> au bon endroit. En tant qu'utilisateur "
237
"<systemitem class=\"username\">root</systemitem>&nbsp;:"
238
 
239
#. type: Content of: <sect1><sect2><screen>
7800 jlepiller 240
#: blfs-en/postlfs/security/make-ca.xml:112
7355 jlepiller 241
#, no-wrap
7687 jlepiller 242
msgid "<userinput>make install</userinput>"
243
msgstr "<userinput>make install</userinput>"
7355 jlepiller 244
 
245
#. type: Content of: <sect1><sect2><para>
7800 jlepiller 246
#: blfs-en/postlfs/security/make-ca.xml:114
7355 jlepiller 247
msgid ""
7605 jlepiller 248
"As the <systemitem class=\"username\">root</systemitem> user, after "
249
"installing <xref linkend=\"p11-kit\"/>, download the certificate source and "
250
"prepare for system use with the following command:"
7355 jlepiller 251
msgstr ""
252
"En tant qu'utilisateur <systemitem class=\"username\">root</systemitem>, "
7605 jlepiller 253
"après l'installation de <xref linkend=\"p11-kit\"/>, téléchargez la banque "
254
"de certificats et préparez-la à être utilisée par le système avec la "
255
"commande suivante&nbsp;:"
7355 jlepiller 256
 
257
#. type: Content of: <sect1><sect2><note><para>
7800 jlepiller 258
#: blfs-en/postlfs/security/make-ca.xml:119
7355 jlepiller 259
msgid ""
260
"If running the script a second time with the same version of "
261
"<filename>certdata.txt</filename>, for instance, to add additional stores as"
7605 jlepiller 262
" the requisite software is installed, add the <parameter>-r</parameter> "
7355 jlepiller 263
"switch to the command line. If packaging, run <command>make-ca "
264
"--help</command> to see all available command line options."
265
msgstr ""
266
"Si vous lancez le script une deuxième fois avec la même version de "
7605 jlepiller 267
"<filename>certdata.txt</filename>, par exemple pour ajouter des banques "
7355 jlepiller 268
"supplémentaires parce que le logiciel requis est installé, ajoutez l'option "
7605 jlepiller 269
"<parameter>-r</parameter> à la ligne de commande. Si vous créez un paquet, "
7355 jlepiller 270
"lancez <command>make-ca --help</command> pour voir toutes les options de la "
271
"ligne de commande disponibles."
272
 
273
#. type: Content of: <sect1><sect2><screen>
7800 jlepiller 274
#: blfs-en/postlfs/security/make-ca.xml:126
7355 jlepiller 275
#, no-wrap
7465 jlepiller 276
msgid "<userinput>/usr/sbin/make-ca -g</userinput>"
277
msgstr "<userinput>/usr/sbin/make-ca -g</userinput>"
7355 jlepiller 278
 
279
#. type: Content of: <sect1><sect2><para>
7800 jlepiller 280
#: blfs-en/postlfs/security/make-ca.xml:129
7355 jlepiller 281
msgid ""
7716 jlepiller 282
"Previous versions of BLFS used the path <filename>/etc/ssl/ca-"
7687 jlepiller 283
"bundle.crt</filename> for the <xref linkend=\"gnutls\"/> certificate store. "
284
"If software is still installed that references this file, create a "
7800 jlepiller 285
"compatibility symlink for the old location as the <systemitem "
7687 jlepiller 286
"class=\"username\">root</systemitem> user:"
287
msgstr ""
7692 jlepiller 288
"Les versions précédentes de BLFS utilisaient le chemin "
289
"<filename>/etc/ssl/ca-bundle.crt</filename> pour le dépôt des certificats de"
290
" <xref linkend=\"gnutls\"/>. Si des logiciels référençant ce fichier sont "
291
"toujours installés, créez un lien symbolique de compatibilité pour l'ancien "
292
"emplacement en tant qu'utilisateur <systemitem "
293
"class=\"username\">root</systemitem>&nbsp;:"
7687 jlepiller 294
 
295
#. type: Content of: <sect1><sect2><screen>
7800 jlepiller 296
#: blfs-en/postlfs/security/make-ca.xml:135
7687 jlepiller 297
#, no-wrap
298
msgid ""
299
"<userinput>ln -sfv /etc/pki/tls/certs/ca-bundle.crt \\\n"
300
"        /etc/ssl/ca-bundle.crt</userinput>"
301
msgstr ""
302
"<userinput>ln -sfv /etc/pki/tls/certs/ca-bundle.crt \\\n"
303
"        /etc/ssl/ca-bundle.crt</userinput>"
304
 
305
#. type: Content of: <sect1><sect2><para>
7800 jlepiller 306
#: blfs-en/postlfs/security/make-ca.xml:138
7687 jlepiller 307
msgid ""
7355 jlepiller 308
"You should periodically update the store with the above command either "
309
"manually, or via a <phrase revision=\"sysv\">cron job.</phrase> <phrase "
310
"revision=\"systemd\">systemd timer. A timer is installed at "
7724 jlepiller 311
"<filename>/usr/lib/systemd/system/update-pki.timer</filename> that, if "
312
"enabled, will check for updates weekly. </phrase><phrase "
313
"revision=\"sysv\">If you've installed <xref linkend=\"fcron\"/> and "
314
"completed the section on periodic jobs, execute</phrase><phrase "
315
"revision=\"systemd\">Execute</phrase> the following commands, as the "
316
"<systemitem class=\"username\">root</systemitem> user, to <phrase "
317
"revision=\"sysv\">create a weekly cron job:</phrase> <phrase "
318
"revision=\"systemd\">enable the systemd timer:</phrase>"
7355 jlepiller 319
msgstr ""
320
"Vous devriez mettre à jour régulièrement le magasin avec la commande ci-"
321
"dessus soit manuellement, soit via <phrase revision=\"sysv\">une tâche "
322
"cron.</phrase><phrase revision=\"systemd\">un timer systemd. Un timer est "
323
"installé dans <filename>/etc/systemd/system/update-pki.timer</filename> et "
324
"s'il est activé, il vérifiera les mises à jour une fois par "
7725 jlepiller 325
"semaine.</phrase><phrase revision=\"sysv\">Si vous avez installé <xref "
326
"linkend=\"fcron\"/> et complété la section sur les travaux périodiques, "
327
"exécutez</phrase><phrase revision=\"systemd\">Exécutez</phrase> les "
328
"commandes suivantes, en tant qu'utilisateur <systemitem "
329
"class=\"username\">root</systemitem> pour <phrase revision=\"sysv\">créer "
330
"une tache cron hebdomadaire&nbsp;:</phrase><phrase "
331
"revision=\"systemd\">activer le timer systemd&nbsp;:</phrase>"
7355 jlepiller 332
 
7724 jlepiller 333
#. type: Content of: <sect1><sect2><screen>
7800 jlepiller 334
#: blfs-en/postlfs/security/make-ca.xml:151
7724 jlepiller 335
#, no-wrap
336
msgid ""
7740 jlepiller 337
"<userinput>install -vdm755 /etc/cron.weekly                       &amp;&amp;\n"
338
"cat &gt; /etc/cron.weekly/update-pki.sh &lt;&lt; \"EOF\" &amp;&amp;\n"
7724 jlepiller 339
"<literal>#!/bin/bash\n"
340
"/usr/sbin/make-ca -g</literal>\n"
341
"EOF\n"
342
"chmod 754 /etc/cron.weekly/update-pki.sh</userinput>"
343
msgstr ""
7740 jlepiller 344
"<userinput>install -vdm755 /etc/cron.weekly                       &amp;&amp;\n"
345
"cat &gt; /etc/cron.weekly/update-pki.sh &lt;&lt; \"EOF\" &amp;&amp;\n"
7724 jlepiller 346
"<literal>#!/bin/bash\n"
347
"/usr/sbin/make-ca -g</literal>\n"
348
"EOF\n"
349
"chmod 754 /etc/cron.weekly/update-pki.sh</userinput>"
350
 
351
#. type: Content of: <sect1><sect2><screen>
7800 jlepiller 352
#: blfs-en/postlfs/security/make-ca.xml:158
7724 jlepiller 353
#, no-wrap
354
msgid "<userinput>systemctl enable update-pki.timer</userinput>"
355
msgstr "<userinput>systemctl enable update-pki.timer</userinput>"
356
 
7687 jlepiller 357
#. type: Content of: <sect1><sect2><title>
7800 jlepiller 358
#: blfs-en/postlfs/security/make-ca.xml:163
7687 jlepiller 359
msgid "Configuring make-ca"
360
msgstr "Configuration de make-ca"
361
 
7355 jlepiller 362
#. type: Content of: <sect1><sect2><para>
7800 jlepiller 363
#: blfs-en/postlfs/security/make-ca.xml:165
7355 jlepiller 364
msgid ""
7800 jlepiller 365
"For most users, no additional configuration is necessary, however, the "
7687 jlepiller 366
"default <filename>certdata.txt</filename> file provided by make-ca is "
7355 jlepiller 367
"obtained from the mozilla-release branch, and is modified to provide a "
7687 jlepiller 368
"Mercurial revision. This will be the correct version for most systems.  "
369
"There are several other variants of the file available for use that might be"
370
" preferred for one reason or another, including the files shipped with "
371
"Mozilla products in this book. RedHat and OpenSUSE, for instance, use the "
372
"version included in <xref linkend=\"nss\"/>. Additional upstream downloads "
373
"are available at the links included in <filename>/etc/make-"
374
"ca.conf.dist</filename>. Simply copy the file to <filename>/etc/make-"
375
"ca.conf</filename> and edit as appropriate."
7355 jlepiller 376
msgstr ""
7802 jlepiller 377
"Pour la plupart des utilisateurs, aucune configuration supplémentaire n'est "
378
"nécessaire, cependant le fichier <filename>certdata.txt</filename> par "
379
"défaut fournit par make-ca est obtenu à partir de la branche mozilla-"
380
"release, et est modifié pour fournir une révision Mercurial. Ce sera la "
381
"bonne version pour la plupart des systèmes. Il y a plusieurs variantes du "
382
"fichier disponibles à l'utilisation que vous pourriez préférer pour une "
383
"raison ou une autre, incluses dans les produits Mozilla dans ce livre. "
384
"RedHat et OpenSUSE par exemple utilisent la version incluse dans <xref "
385
"linkend=\"nss\"/>. Des emplacements de téléchargement supplémentaires sont "
386
"disponibles dans les liens inclus dans <filename>/etc/make-"
387
"ca.conf.dist</filename>. Copiez simplement ce fichier vers "
388
"<filename>/etc/make-ca.conf</filename> et modifiez-le comme vous le voulez."
7355 jlepiller 389
 
7687 jlepiller 390
#. type: Content of: <sect1><sect2><indexterm><primary>
7800 jlepiller 391
#: blfs-en/postlfs/security/make-ca.xml:178
7687 jlepiller 392
msgid "/etc/make-ca.conf"
393
msgstr "/etc/make-ca.conf"
7355 jlepiller 394
 
7800 jlepiller 395
#. type: Content of: <sect1><sect2><bridgehead>
396
#: blfs-en/postlfs/security/make-ca.xml:181
397
msgid "About Trust Arguments"
7802 jlepiller 398
msgstr "À propos des arguments sur la confiance"
7800 jlepiller 399
 
400
#. type: Content of: <sect1><sect2><para>
401
#: blfs-en/postlfs/security/make-ca.xml:183
402
msgid ""
403
"There are three trust types that are recognized by the <application>make-"
404
"ca</application> script, SSL/TLS, S/Mime, and code signing. For "
405
"<application>OpenSSL</application>, these are "
406
"<parameter>serverAuth</parameter>, <parameter>emailProtection</parameter>, "
407
"and <parameter>codeSigning</parameter> respectively. If one of the three "
408
"trust arguments is omitted, the certificate is neither trusted, nor rejected"
409
" for that role. Clients that use <application>OpenSSL</application> or "
410
"<application>NSS</application> encountering this certificate will present a "
411
"warning to the user. Clients using <application>GnuTLS</application> without"
412
" <application>p11-kit</application> support are not aware of trusted "
413
"certificates. To include this CA into the <filename>ca-"
414
"bundle.crt</filename>, <filename>email-ca-bundle.crt</filename>, or "
415
"<filename>objsign-ca-bundle.crt</filename> files (the "
416
"<application>GnuTLS</application> legacy bundles), it must have the "
417
"appropriate trust arguments."
418
msgstr ""
7802 jlepiller 419
"Il y a trois types de confiances reconnues par le script <application>make-"
420
"ca</application>, SSL/TLS, S/Mime et signature de code. Pour "
421
"<application>OpenSSL</application>, il s'agit de "
422
"<parameter>serverAuth</parameter>, <parameter>emailProtection</parameter> et"
423
" <parameter>codeSigning</parameter> respectivement. Si un argument trust en "
424
"omis, le certificat n'est ni reconnu ni rejeté pour ce rôle. Les clients qui"
425
" utilisent <application>OpenSSL</application> ou "
7800 jlepiller 426
"<application>NSS</application> rencontrant ce certificat renverront un "
7802 jlepiller 427
"avertissement à l'utilisateur. Les clients qui utilisent "
7800 jlepiller 428
"<application>GnuTLS</application> sans le support de "
429
"<application>p11-kit</application> ne sont pas conscient des certificats de "
7802 jlepiller 430
"confiance. Pour inclure cette CA dans les fichiers <filename>ca-"
431
"bundle.crt</filename>, <filename>email-ca-bundle.crt</filename> ou "
432
"<filename>objsign-ca-bundle.crt</filename> (les anciens lots de "
433
"<application>GnuTLS</application>), il doit avoir l'argument de confiance "
434
"approprié."
7800 jlepiller 435
 
436
#. type: Content of: <sect1><sect2><bridgehead>
437
#: blfs-en/postlfs/security/make-ca.xml:201
438
msgid "Adding Additional CA Certificates"
7802 jlepiller 439
msgstr "Ajouter des certificats de CA supplémentaires"
7800 jlepiller 440
 
441
#. type: Content of: <sect1><sect2><para>
442
#: blfs-en/postlfs/security/make-ca.xml:203
443
msgid ""
444
"The <filename class=\"directory\">/etc/ssl/local</filename> directory is "
445
"available to add additional CA certificates to the system. For instance, you"
446
" might need to add an organization or government CA certificate.  Files in "
447
"this directory must be in the <application>OpenSSL</application> trusted "
448
"certificate format. To create an <application>OpenSSL</application> trusted "
449
"certificate from a regular PEM encoded file, you need to add trust arguments"
450
" to the <command>openssl</command> command, and create a new certificate. "
451
"For example, using the <ulink url=\"http://www.cacert.org/\">CAcert</ulink> "
452
"roots, if you want to trust both for all three roles, the following commands"
453
" will create appropriate OpenSSL trusted certificates (run as the "
454
"<systemitem class=\"username\">root</systemitem> user after <xref "
455
"linkend=\"wget\"/> is installed):"
456
msgstr ""
7802 jlepiller 457
"Le répertoire <filename class=\"directory\">/etc/ssl/local</filename> est "
458
"disponible pour ajouter des certificats de CA supplémentaires sur le "
459
"système. Par exemple, vous pourriez avoir besoin d'ajouter une CA d'une "
460
"organisation ou d'un gouvernement. Les fichiers de ce répertoire doivent "
461
"être au format de certification de confiance "
462
"d'<application>OpenSSL</application>. Pour créer un certificat de confiance "
463
"<application>OpenSSL</application> depuis un fichier normal encodé en PEM, "
464
"vous devrez ajouter des arguments «&nbsp;trust&nbsp;» à la commande "
465
"<command>openssl</command> et créer un nouveau certificat. Par exemple, si "
466
"vous souhaitez utiliser les racines <ulink "
7800 jlepiller 467
"url=\"http://www.cacert.org/\">CAcert</ulink> pour que les deux soient de "
468
"confiance pour ces trois rôles, les commandes suivantes créeront des "
469
"certificats de confiance OpenSSL approprié (à lancer en tant qu'utilisateur "
470
"<systemitem class=\"username\">root</systemitem> après l'installation de "
471
"<xref linkend=\"wget\"/>)&nbsp;:"
472
 
473
#. type: Content of: <sect1><sect2><screen>
474
#: blfs-en/postlfs/security/make-ca.xml:217
475
#, no-wrap
476
msgid ""
477
"<userinput>install -vdm755 /etc/ssl/local &amp;&amp;\n"
478
"wget http://www.cacert.org/certs/root.crt &amp;&amp;\n"
479
"wget http://www.cacert.org/certs/class3.crt &amp;&amp;\n"
480
"openssl x509 -in root.crt -text -fingerprint -setalias \"CAcert Class 1 root\" \\\n"
481
"        -addtrust serverAuth -addtrust emailProtection -addtrust codeSigning \\\n"
482
"        > /etc/ssl/local/CAcert_Class_1_root.pem &amp;&amp;\n"
483
"openssl x509 -in class3.crt -text -fingerprint -setalias \"CAcert Class 3 root\" \\\n"
484
"        -addtrust serverAuth -addtrust emailProtection -addtrust codeSigning \\\n"
485
"        > /etc/ssl/local/CAcert_Class_3_root.pem</userinput>"
486
msgstr ""
487
"<userinput>install -vdm755 /etc/ssl/local &amp;&amp;\n"
488
"wget http://www.cacert.org/certs/root.crt &amp;&amp;\n"
489
"wget http://www.cacert.org/certs/class3.crt &amp;&amp;\n"
490
"openssl x509 -in root.crt -text -fingerprint -setalias \"CAcert Class 1 root\" \\\n"
491
"        -addtrust serverAuth -addtrust emailProtection -addtrust codeSigning \\\n"
492
"        > /etc/ssl/local/CAcert_Class_1_root.pem &amp;&amp;\n"
493
"openssl x509 -in class3.crt -text -fingerprint -setalias \"CAcert Class 3 root\" \\\n"
494
"        -addtrust serverAuth -addtrust emailProtection -addtrust codeSigning \\\n"
495
"        > /etc/ssl/local/CAcert_Class_3_root.pem</userinput>"
496
 
497
#. type: Content of: <sect1><sect2><bridgehead>
498
#: blfs-en/postlfs/security/make-ca.xml:227
499
msgid "Overriding Mozilla Trust"
7802 jlepiller 500
msgstr "Remplacer la confiance de Mozilla"
7800 jlepiller 501
 
502
#. type: Content of: <sect1><sect2><para>
503
#: blfs-en/postlfs/security/make-ca.xml:229
504
msgid ""
505
"Occasionally, there may be instances where you don't agree with Mozilla's "
506
"inclusion of a particular certificate authority. If you'd like to override "
507
"the default trust of a particular CA, simply create a copy of the existing "
508
"certificate in <filename class=\"directory\">/etc/ssl/local</filename> with "
509
"different trust arguments. For example, if you'd like to distrust the "
510
"\"Makebelieve_CA_Root\" file, run the following commands:"
511
msgstr ""
7802 jlepiller 512
"Parfois, il peut arriver que vous ne soyez pas d'accord avec l'inclusion "
513
"d'une autorité de certification particulière. Si vous voulez remplacer la "
514
"confiance par défaut d'une CA particulière, créez simplement une copie du "
515
"certificat existant dans <filename "
516
"class=\"directory\">/etc/ssl/local</filename> avec des arguments de "
517
"confiances différents. Par exemple, si vous ne voulez pas faire confiance au"
518
" fichier «&nbsp;Makebelieve_CA_Root&nbsp;», lancez les commandes "
519
"suivantes&nbsp;:"
7800 jlepiller 520
 
521
#. type: Content of: <sect1><sect2><screen>
522
#: blfs-en/postlfs/security/make-ca.xml:237
523
#, no-wrap
524
msgid ""
525
"<userinput>install -vdm755 /etc/ssl/local &amp;&amp;\n"
526
"openssl x509 -in /etc/ssl/certs/Makebelieve_CA_Root.pem \\\n"
527
"             -text \\\n"
528
"             -fingerprint \n"
529
"             -setalias \"Disabled Makebelieve CA Root\" \\\n"
530
"             -addreject serverAuth \\\n"
531
"             -addreject emailProtection \\\n"
532
"             -addreject codeSigning \\\n"
533
"       > /etc/ssl/local/Disabled_Makebelieve_CA_Root.pem &amp;&amp;\n"
534
"/usr/sbin/make-ca -r -f</userinput>"
535
msgstr ""
536
"<userinput>install -vdm755 /etc/ssl/local &amp;&amp;\n"
537
"openssl x509 -in /etc/ssl/certs/Makebelieve_CA_Root.pem \\\n"
538
"             -text \\\n"
539
"             -fingerprint \n"
540
"             -setalias \"Disabled Makebelieve CA Root\" \\\n"
541
"             -addreject serverAuth \\\n"
542
"             -addreject emailProtection \\\n"
543
"             -addreject codeSigning \\\n"
544
"       > /etc/ssl/local/Disabled_Makebelieve_CA_Root.pem &amp;&amp;\n"
545
"/usr/sbin/make-ca -r -f</userinput>"
546
 
7687 jlepiller 547
#. type: Content of: <sect1><sect2><title>
7800 jlepiller 548
#: blfs-en/postlfs/security/make-ca.xml:251
7355 jlepiller 549
msgid "Contents"
550
msgstr "Contenu"
551
 
552
#. type: Content of: <sect1><sect2><segmentedlist><segtitle>
7800 jlepiller 553
#: blfs-en/postlfs/security/make-ca.xml:254
7355 jlepiller 554
msgid "Installed Programs"
555
msgstr "Programmes installés"
556
 
557
#. type: Content of: <sect1><sect2><segmentedlist><segtitle>
7800 jlepiller 558
#: blfs-en/postlfs/security/make-ca.xml:255
7355 jlepiller 559
msgid "Installed Directories"
560
msgstr "Répertoires installés"
561
 
562
#. type: Content of: <sect1><sect2><segmentedlist><seglistitem><seg>
7800 jlepiller 563
#: blfs-en/postlfs/security/make-ca.xml:259
564
msgid "/etc/ssl/{certs,local} and /etc/pki/{nssdb,anchors,tls/{certs,java}}"
7802 jlepiller 565
msgstr "/etc/ssl/{certs,local} et /etc/pki/{nssdb,anchors,tls/{certs,java}}"
7355 jlepiller 566
 
567
#. type: Content of: <sect1><sect2><variablelist><bridgehead>
7800 jlepiller 568
#: blfs-en/postlfs/security/make-ca.xml:265
7355 jlepiller 569
msgid "Short Descriptions"
570
msgstr "Descriptions courtes"
571
 
572
#. type: Content of: <sect1><sect2><variablelist><varlistentry><term>
7800 jlepiller 573
#: blfs-en/postlfs/security/make-ca.xml:270
7355 jlepiller 574
msgid "<command>make-ca</command>"
575
msgstr "<command>make-ca</command>"
576
 
577
#. type: Content of:
578
#. <sect1><sect2><variablelist><varlistentry><listitem><para>
7800 jlepiller 579
#: blfs-en/postlfs/security/make-ca.xml:272
7355 jlepiller 580
msgid ""
581
"is a shell script that adapts a current version of "
582
"<filename>certdata.txt</filename>, and prepares it for use as the system "
7605 jlepiller 583
"trust store."
7355 jlepiller 584
msgstr ""
585
"est un script shell qui adapte une version actuelle de "
7605 jlepiller 586
"<filename>certdata.txt</filename> et le prépare pour l'utiliser comme banque"
587
" de confiance du système."
7355 jlepiller 588
 
7724 jlepiller 589
#~ msgid "417a8ebfb3d6ac4821c1e508a0a3981f"
590
#~ msgstr "417a8ebfb3d6ac4821c1e508a0a3981f"
591
 
7723 jlepiller 592
#~ msgid "b038d38233f970aad60c29dfc0502021"
593
#~ msgstr "b038d38233f970aad60c29dfc0502021"
594
 
7687 jlepiller 595
#~ msgid "36 KB"
596
#~ msgstr "36 Ko"
7660 jlepiller 597
 
7687 jlepiller 598
#~ msgid "0eeaf712eedeae4fa55d8bfa37f4ca32"
599
#~ msgstr "0eeaf712eedeae4fa55d8bfa37f4ca32"
600
 
601
#~ msgid ""
602
#~ "Mozilla Release (the version provided by BLFS): <ulink "
603
#~ "url=\"&certhost;releases/mozilla-release/raw-"
604
#~ "file/default/security/nss&certpath;\"/>"
605
#~ msgstr ""
606
#~ "Mozilla Release (la version fournie par BLFS)&nbsp;: <ulink "
607
#~ "url=\"&certhost;releases/mozilla-release/raw-"
608
#~ "file/default/security/nss&certpath;\"/>"
609
 
610
#~ msgid ""
611
#~ "NSS (this is the latest available version): <ulink "
612
#~ "url=\"&certhost;projects/nss/raw-file/tip&certpath;\"/>"
613
#~ msgstr ""
614
#~ "NSS (c'est la dernière version disponible)&nbsp;: <ulink "
615
#~ "url=\"&certhost;projects/nss/raw-file/tip&certpath;\"/>"
616
 
617
#~ msgid ""
618
#~ "Mozilla Central: <ulink url=\"&certhost;mozilla-central/raw-"
619
#~ "file/default/security/nss&certpath;\"/>"
620
#~ msgstr ""
621
#~ "Mozilla Central&nbsp;: <ulink url=\"&certhost;mozilla-central/raw-"
622
#~ "file/default/security/nss&certpath;\"/>"
623
 
624
#~ msgid ""
625
#~ "Mozilla Beta: <ulink url=\"&certhost;releases/mozilla-beta/raw-"
626
#~ "file/default/security/nss&certpath;\"/>"
627
#~ msgstr ""
628
#~ "Mozilla Beta&nbsp;: <ulink url=\"&certhost;releases/mozilla-beta/raw-"
629
#~ "file/default/security/nss&certpath;\"/>"
630
 
631
#~ msgid ""
632
#~ "Mozilla Aurora: <ulink url=\"&certhost;releases/mozilla-aurora/raw-"
633
#~ "file/default/security/nss&certpath;\"/>"
634
#~ msgstr ""
635
#~ "Mozilla Aurora&nbsp;: <ulink url=\"&certhost;releases/mozilla-aurora/raw-"
636
#~ "file/default/security/nss&certpath;\"/>"
637
 
638
#~ msgid "Installed Libraries"
639
#~ msgstr "Bibliothèques installées"
640
 
641
#~ msgid "None"
642
#~ msgstr "Aucune"
643
 
7630 jlepiller 644
#~ msgid "Recommended"
645
#~ msgstr "Recommandées"
646
 
7605 jlepiller 647
#~ msgid "1f0176c4fa89274971b2826a97f303f7"
648
#~ msgstr "1f0176c4fa89274971b2826a97f303f7"
649
 
7465 jlepiller 650
#~ msgid "4f180b9bf3b11f29d6a79e6022aeae23"
651
#~ msgstr "4f180b9bf3b11f29d6a79e6022aeae23"
7409 jlepiller 652
 
7465 jlepiller 653
#~ msgid ""
654
#~ "<userinput>sed -e 's%= /etc/ssl;%= \"/etc/ssl\";%' \\\n"
655
#~ "    -e 's%= /usr;%= \"/usr\";%'         \\\n"
656
#~ "    -i /usr/bin/c_rehash              &amp;&amp;\n"
657
#~ "/usr/sbin/make-ca -g</userinput>"
658
#~ msgstr ""
659
#~ "<userinput>sed -e 's%= /etc/ssl;%= \"/etc/ssl\";%' \\\n"
660
#~ "    -e 's%= /usr;%= \"/usr\";%'         \\\n"
661
#~ "    -i /usr/bin/c_rehash              &amp;&amp;\n"
662
#~ "/usr/sbin/make-ca -g</userinput>"
663
 
664
#~ msgid ""
665
#~ "The <command>sed</command> command works around missing quotes in "
666
#~ "<command>c_rehash</command> from openssl-1.1.0h and can be safely rerun (the"
667
#~ " \" inserted the first time will prevent matches on subsequent runs)."
668
#~ msgstr ""
669
#~ "La commande <command>sed</command> contourne le manque de guillemets dans "
670
#~ "<command>c_rehash</command> d'openssl-1.1.0h et peut être relancé sans "
671
#~ "problème (le \" inséré la première fois évitera une correspondance sur les "
672
#~ "lancements suivants)."
673
 
7355 jlepiller 674
#~ msgid "Certificate Authority Certificates"
675
#~ msgstr "Certificats d'autorité de certification"
676
 
677
#~ msgid "Certificate Authority Certificates Dependencies"
678
#~ msgstr "Dépendances de Certificate Authority Certificates"
679
 
680
#~ msgid "Installation of Certificate Authority Certificates"
681
#~ msgstr "Installation de Certificate Authority Certificates"
682
 
683
#~ msgid "851f9e267f343c54db8caa87ec5b3d75"
684
#~ msgstr "851f9e267f343c54db8caa87ec5b3d75"
685
 
686
#~ msgid "<xref linkend=\"openssl\"/>"
687
#~ msgstr "<xref linkend=\"openssl\"/>"
688
 
689
#~ msgid "32 KB"
690
#~ msgstr "32 Ko"
691
 
692
#~ msgid "25033ded9dd0979226b8f3fd2792bd3a"
693
#~ msgstr "25033ded9dd0979226b8f3fd2792bd3a"
694
 
695
#~ msgid "&sources-anduin-http;/other/certdata.txt"
696
#~ msgstr "&sources-anduin-http;/other/certdata.txt"
697
 
698
#~ msgid "1.6 MB"
699
#~ msgstr "1.6 Mo"
700
 
701
#~ msgid "24 KB"
702
#~ msgstr "24 Ko"
703
 
704
#~ msgid "a21a04d6ff5c4645c748220dbaa9f221"
705
#~ msgstr "a21a04d6ff5c4645c748220dbaa9f221"
706
 
707
#~ msgid "Additional Downloads"
708
#~ msgstr "Téléchargements supplémentaires"
709
 
710
#~ msgid "CA Certificates <ulink url=\"&ca-bundle-download;\"/>"
711
#~ msgstr "Certificats de CA <ulink url=\"&ca-bundle-download;\"/>"
712
 
713
#~ msgid ""
714
#~ "<userinput>install -vm755 make-ca.sh-&make-ca-version; /usr/sbin/make-"
715
#~ "ca.sh</userinput>"
716
#~ msgstr ""
717
#~ "<userinput>install -vm755 make-ca.sh-&make-ca-version; /usr/sbin/make-"
718
#~ "ca.sh</userinput>"
719
 
720
#~ msgid ""
721
#~ "You should periodically download a copy of <filename>certdata.txt</filename>"
722
#~ " and run the <application>make-ca.sh</application> script (as the "
723
#~ "<systemitem class=\"username\">root</systemitem> user), or as part of a "
724
#~ "monthly <application>cron</application> job to ensure that you have the "
725
#~ "latest available version of the certificates."
726
#~ msgstr ""
727
#~ "Vous devriez télécharger régulièrement une copie de "
728
#~ "<filename>certdata.txt</filename> et lancer le script <application>make-"
729
#~ "ca.sh</application> (en tant qu'utilisateur <systemitem "
730
#~ "class=\"username\">root</systemitem>), ou en tant que tâche "
731
#~ "<application>cron</application> mensuelle pour vous assurer d'avoir la "
732
#~ "dernière version disponible des certificats."
733
 
734
#~ msgid "make-ca.sh"
735
#~ msgstr "make-ca.sh"
736
 
737
#~ msgid "b42fd97c173ef67a37fb05ed7587e0a8"
738
#~ msgstr "b42fd97c173ef67a37fb05ed7587e0a8"
739
 
740
#~ msgid "11 KB"
741
#~ msgstr "11 Ko"
742
 
743
#~ msgid "cce9fa4713c4611d9e61f99de612a1e9"
744
#~ msgstr "cce9fa4713c4611d9e61f99de612a1e9"
745
 
746
#~ msgid "5e41c17a3dd6b8195c55092e87e92ef0"
747
#~ msgstr "5e41c17a3dd6b8195c55092e87e92ef0"
748
 
749
#~ msgid "fca9ae62242800a9dcaee5d400ee5c41"
750
#~ msgstr "fca9ae62242800a9dcaee5d400ee5c41"
751
 
752
#~ msgid "9e416981cd153d8923e06dc8e39ac534"
753
#~ msgstr "9e416981cd153d8923e06dc8e39ac534"
754
 
755
#~ msgid "65c6cbbb11e6d124b047f4aa0dcb2808"
756
#~ msgstr "65c6cbbb11e6d124b047f4aa0dcb2808"
757
 
758
#~ msgid "fbc5687ce7fd5533edbb4e616a1080de"
759
#~ msgstr "fbc5687ce7fd5533edbb4e616a1080de"
760
 
761
#~ msgid "487ca7ce6f7b81b3e46362138f93310c"
762
#~ msgstr "487ca7ce6f7b81b3e46362138f93310c"
763
 
764
#~ msgid "1.4 MB"
765
#~ msgstr "1.4 Mo"
766
 
767
#~ msgid "0.1 SBU"
768
#~ msgstr "0.1 SBU"
769
 
770
#~ msgid ""
771
#~ "The Public Key Infrastructure is used for many security features in a Linux "
772
#~ "system.  In order for a certificate to be trusted, it must be signed by a "
773
#~ "trusted agent called a Certificate Authority (CA). The certificates "
774
#~ "installed in this section are obtained from the Mozilla version control "
775
#~ "system, and reformatted for use by <xref linkend='openssl'/> and <xref "
776
#~ "linkend='gnutls'/>. The certificates can also be used by other applications,"
777
#~ " either directly or indirectly by linking to one of these packages."
778
#~ msgstr ""
779
#~ "La <foreignphrase>Public Key Infrastructure</foreignphrase> (infrastructure "
780
#~ "de clés publiques) est utilisée dans de nombreux cas de sécurité sur un "
781
#~ "système Linux. Pour qu'un certificat soit fiable, il doit être signé par un "
782
#~ "agent de confiance, qu'on appelle l'autorité de certification "
783
#~ "(<foreignphrase>Certificate Authority</foreignphrase>) (CA).  Les "
784
#~ "certificats chargés dans cette section sont issus de la liste du système de "
785
#~ "contrôle de Mozilla et elle est formatée dans une forme utilisée par <xref "
786
#~ "linkend=\"openssl\"/> et <xref linkend='gnutls'/>.  Les certificats peuvent "
787
#~ "également être utilisés par d'autres applications, directement ou "
788
#~ "indirectement via <application>openssl</application>."
789
 
790
#~ msgid ""
791
#~ "The <application>make-ca.sh</application> script will download a set of "
792
#~ "certificates from one of five projects (aurora, beta, central, nss, or "
793
#~ "release) in the Mozialla version control system. It defaults to the release "
794
#~ "branch, which is identical to the version that ships with the Mozilla "
795
#~ "products in this book. If you'd like to change the branch that is retrieved,"
796
#~ " edit the file and set <envar>CERTSOURCE</envar> to one of the five values "
797
#~ "above."
798
#~ msgstr ""
799
#~ "Le script <application>make-ca.sh</application> téléchargement un ensemble "
800
#~ "de certificats depuis l'un des cinq projets (aurora, beta, central, nss ou "
801
#~ "release) du système de contrôle de version de Mozilla. Il est réglé par "
802
#~ "défaut sur la branche release, qui est identique à la version qui vient avec"
803
#~ " les produits Mozilla de ce livre. Si vous préférez changer la branche qui "
804
#~ "est récupérée, modifiez le fichier et mettez <envar>CERTSOURCE</envar> à "
805
#~ "l'une des cinq valeurs ci-dessus."
806
 
807
#~ msgid ""
808
#~ "Additionally, any local certificates stored in "
809
#~ "<filename>/etc/ssl/local</filename> will be copied into both the single-file"
810
#~ " <filename>/etc/ssl/ca-bundle.crt</filename> (used by programs that link to "
811
#~ "<application>gnutls</application>), and into the certificate store directory"
812
#~ " <filename>/etc/ssl/certs</filename> (used by programs that link to "
813
#~ "<application>OpenSSL</application>). All certificates will pass a date and "
814
#~ "trust validation, and any existing certificates in <filename>/etc/ssl/ca-"
815
#~ "bundle.crt</filename> or <filename>/etc/ssl/certs</filename> will be removed"
816
#~ " upon successful completion of this script."
817
#~ msgstr ""
818
#~ "De plus, tout certificat local stocké dans "
819
#~ "<filename>/etc/ssl/local</filename> sera copié dans le fichier "
820
#~ "<filename>/etc/ssl/ca-bundle.crt</filename> (utilisé par les programmes qui "
821
#~ "se lient à <application>gnutls</application>) et dans le répertoire du "
822
#~ "magasin de certificats <filename>/etc/ssl/certs</filename> (utilisé par les "
823
#~ "programmes qui se lient à <application>OpenSSL</application>). Tous les "
824
#~ "certificats passeront un test de validation de leur date et de leur "
825
#~ "confiance, et tout certificat existant dans <filename>/etc/ssl/ca-"
826
#~ "bundle.crt</filename> ou <filename>/etc/ssl-certs</filename> sera supprimé à"
827
#~ " la fin de ce script si tout va bien."
828
 
829
#~ msgid ""
830
#~ "Finally, if you've installed <xref linkend=\"java\"/> or <xref "
831
#~ "linkend=\"openjdk\"/>, then it will also update the java cacerts file at "
832
#~ "<filename>/etc/ssl/java/cacerts</filename>."
833
#~ msgstr ""
834
#~ "Enfin, si vous avez installé <xref linkend=\"java\"/> ou <xref "
835
#~ "linkend=\"openjdk\"/>, il mettra aussi à jour le fichier cacerts de java "
836
#~ "dans <filename>/etc/ssl/java/cacerts</filename>."
837
 
838
#~ msgid ""
839
#~ "<userinput>install -vdm755 /etc/ssl/{certs,java,local} &amp;&amp;\n"
840
#~ "/usr/sbin/make-ca.sh\n"
841
#~ "</userinput>"
842
#~ msgstr ""
843
#~ "<userinput>install -vdm755 /etc/ssl/{certs,java,local} &amp;&amp;\n"
844
#~ "/usr/sbin/make-ca.sh\n"
845
#~ "</userinput>"
846
 
847
#~ msgid "/mozilla/source/security/nss/lib/ckfw/builtins"
848
#~ msgstr "/mozilla/source/security/nss/lib/ckfw/builtins"
849
 
850
#~ msgid "6 MB"
851
#~ msgstr "6 Mo"
852
 
853
#~ msgid ""
854
#~ "The certfile.txt file above is actually retrieved from <ulink "
855
#~ "url=\"https://hg.mozilla.org/releases/mozilla-"
856
#~ "release/file/default/security/nss/lib/ckfw/builtins/certdata.txt\"/>.  It is"
857
#~ " really an HTML file, but the text file can be retrieved indirectly from the"
858
#~ " HTML file.  The Download URL above automates that process and also adds a "
859
#~ "line where the date can be extracted as a revision number by the scripts "
860
#~ "below."
861
#~ msgstr ""
862
#~ "Le fichier certfile.txt dessous est en fait récupéré depuis <ulink "
863
#~ "url=\"https://hg.mozilla.org/releases/mozilla-"
864
#~ "release/file/default/security/nss/lib/ckfw/builtins/certdata.txt\"/>.  C'est"
865
#~ " en fait un fichier HTML, mais le fichier texte peut être pris indirectement"
866
#~ " depuis le fichier HTML. L'URL dessous automatise ce processus et ajoute "
867
#~ "aussi une ligne où la date peut être extraite en tant que numéro de révision"
868
#~ " par le script."
869
 
870
#~ msgid ""
871
#~ "<userinput>cat > /usr/bin/make-cert.pl &lt;&lt; \"EOF\"\n"
872
#~ "<literal>#!/usr/bin/perl -w\n"
873
#~ "\n"
874
#~ "# Used to generate PEM encoded files from Mozilla certdata.txt.\n"
875
#~ "# Run as ./make-cert.pl > certificate.crt\n"
876
#~ "#\n"
877
#~ "# Parts of this script courtesy of RedHat (mkcabundle.pl)\n"
878
#~ "#\n"
879
#~ "# This script modified for use with single file data (tempfile.cer) extracted\n"
880
#~ "# from certdata.txt, taken from the latest version in the Mozilla NSS source.\n"
881
#~ "# mozilla/security/nss/lib/ckfw/builtins/certdata.txt\n"
882
#~ "#\n"
883
#~ "# Authors: DJ Lucas\n"
884
#~ "#          Bruce Dubbs\n"
885
#~ "#\n"
886
#~ "# Version 20120211\n"
887
#~ "\n"
888
#~ "my $certdata = './tempfile.cer';\n"
889
#~ "\n"
890
#~ "open( IN, \"cat $certdata|\" )\n"
891
#~ "    || die \"could not open $certdata\";\n"
892
#~ "\n"
893
#~ "my $incert = 0;\n"
894
#~ "\n"
895
#~ "while ( &lt;IN&gt; )\n"
896
#~ "{\n"
897
#~ "    if ( /^CKA_VALUE MULTILINE_OCTAL/ )\n"
898
#~ "    {\n"
899
#~ "        $incert = 1;\n"
900
#~ "        open( OUT, \"|openssl x509 -text -inform DER -fingerprint\" )\n"
901
#~ "            || die \"could not pipe to openssl x509\";\n"
902
#~ "    }\n"
903
#~ "\n"
904
#~ "    elsif ( /^END/ &amp;&amp; $incert )\n"
905
#~ "    {\n"
906
#~ "        close( OUT );\n"
907
#~ "        $incert = 0;\n"
908
#~ "        print \"\\n\\n\";\n"
909
#~ "    }\n"
910
#~ "\n"
911
#~ "    elsif ($incert)\n"
912
#~ "    {\n"
913
#~ "        my @bs = split( /\\\\/ );\n"
914
#~ "        foreach my $b (@bs)\n"
915
#~ "        {\n"
916
#~ "            chomp $b;\n"
917
#~ "            printf( OUT \"%c\", oct($b) ) unless $b eq '';\n"
918
#~ "        }\n"
919
#~ "    }\n"
920
#~ "}</literal>\n"
921
#~ "EOF\n"
922
#~ "\n"
923
#~ "chmod +x /usr/bin/make-cert.pl</userinput>"
924
#~ msgstr ""
925
#~ "<userinput>cat > /usr/bin/make-cert.pl &lt;&lt; \"EOF\"\n"
926
#~ "<literal>#!/usr/bin/perl -w\n"
927
#~ "\n"
928
#~ "# Used to generate PEM encoded files from Mozilla certdata.txt.\n"
929
#~ "# Run as ./make-cert.pl > certificate.crt\n"
930
#~ "#\n"
931
#~ "# Parts of this script courtesy of RedHat (mkcabundle.pl)\n"
932
#~ "#\n"
933
#~ "# This script modified for use with single file data (tempfile.cer) extracted\n"
934
#~ "# from certdata.txt, taken from the latest version in the Mozilla NSS source.\n"
935
#~ "# mozilla/security/nss/lib/ckfw/builtins/certdata.txt\n"
936
#~ "#\n"
937
#~ "# Authors: DJ Lucas\n"
938
#~ "#          Bruce Dubbs\n"
939
#~ "#\n"
940
#~ "# Version 20120211\n"
941
#~ "\n"
942
#~ "my $certdata = './tempfile.cer';\n"
943
#~ "\n"
944
#~ "open( IN, \"cat $certdata|\" )\n"
945
#~ "    || die \"could not open $certdata\";\n"
946
#~ "\n"
947
#~ "my $incert = 0;\n"
948
#~ "\n"
949
#~ "while ( &lt;IN&gt; )\n"
950
#~ "{\n"
951
#~ "    if ( /^CKA_VALUE MULTILINE_OCTAL/ )\n"
952
#~ "    {\n"
953
#~ "        $incert = 1;\n"
954
#~ "        open( OUT, \"|openssl x509 -text -inform DER -fingerprint\" )\n"
955
#~ "            || die \"could not pipe to openssl x509\";\n"
956
#~ "    }\n"
957
#~ "\n"
958
#~ "    elsif ( /^END/ &amp;&amp; $incert )\n"
959
#~ "    {\n"
960
#~ "        close( OUT );\n"
961
#~ "        $incert = 0;\n"
962
#~ "        print \"\\n\\n\";\n"
963
#~ "    }\n"
964
#~ "\n"
965
#~ "    elsif ($incert)\n"
966
#~ "    {\n"
967
#~ "        my @bs = split( /\\\\/ );\n"
968
#~ "        foreach my $b (@bs)\n"
969
#~ "        {\n"
970
#~ "            chomp $b;\n"
971
#~ "            printf( OUT \"%c\", oct($b) ) unless $b eq '';\n"
972
#~ "        }\n"
973
#~ "    }\n"
974
#~ "}</literal>\n"
975
#~ "EOF\n"
976
#~ "\n"
977
#~ "chmod +x /usr/bin/make-cert.pl</userinput>"
978
 
979
#~ msgid ""
980
#~ "The following script creates the certificates and a bundle of all the "
981
#~ "certificates.  It creates a <filename class='directory'>./certs</filename> "
982
#~ "directory and <filename>./BLFS-ca-bundle-${VERSION}.crt</filename>.  Again "
983
#~ "create this script as the <systemitem class=\"username\">root</systemitem> "
984
#~ "user:"
985
#~ msgstr ""
986
#~ "Le script suivant crée les certificats et un bouquet de tous les "
987
#~ "certificats. Il crée un répertoire <filename "
988
#~ "class='directory'>./certs</filename> et <filename>./BLFS-ca-"
989
#~ "bundle-${VERSION}.crt</filename>.  Créez de nouveau ce script en tant "
990
#~ "qu'utilisateur <systemitem class=\"username\">root</systemitem>&nbsp;:"
991
 
992
#~ msgid ""
993
#~ "<userinput>cat > /usr/bin/make-ca.sh &lt;&lt; \"EOF\"\n"
994
#~ "<literal>#!/bin/sh\n"
995
#~ "# Begin make-ca.sh\n"
996
#~ "# Script to populate OpenSSL's CApath from a bundle of PEM formatted CAs\n"
997
#~ "#\n"
998
#~ "# The file certdata.txt must exist in the local directory\n"
999
#~ "# Version number is obtained from the version of the data.\n"
1000
#~ "#\n"
1001
#~ "# Authors: DJ Lucas\n"
1002
#~ "#          Bruce Dubbs\n"
1003
#~ "#\n"
1004
#~ "# Version 20120211\n"
1005
#~ "\n"
1006
#~ "# Some data in the certs have UTF-8 characters\n"
1007
#~ "export LANG=en_US.utf8\n"
1008
#~ "\n"
1009
#~ "certdata=\"certdata.txt\"\n"
1010
#~ "\n"
1011
#~ "if [ ! -r $certdata ]; then\n"
1012
#~ "  echo \"$certdata must be in the local directory\"\n"
1013
#~ "  exit 1\n"
1014
#~ "fi\n"
1015
#~ "\n"
1016
#~ "REVISION=$(grep CVS_ID $certdata | cut -f4 -d'$')\n"
1017
#~ "\n"
1018
#~ "if [ -z \"${REVISION}\" ]; then\n"
1019
#~ "  echo \"$certfile has no 'Revision' in CVS_ID\"\n"
1020
#~ "  exit 1\n"
1021
#~ "fi\n"
1022
#~ "\n"
1023
#~ "VERSION=$(echo $REVISION | cut -f2 -d\" \")\n"
1024
#~ "\n"
1025
#~ "TEMPDIR=$(mktemp -d)\n"
1026
#~ "TRUSTATTRIBUTES=\"CKA_TRUST_SERVER_AUTH\"\n"
1027
#~ "BUNDLE=\"BLFS-ca-bundle-${VERSION}.crt\"\n"
1028
#~ "CONVERTSCRIPT=\"/usr/bin/make-cert.pl\"\n"
1029
#~ "SSLDIR=\"/etc/ssl\"\n"
1030
#~ "\n"
1031
#~ "mkdir \"${TEMPDIR}/certs\"\n"
1032
#~ "\n"
1033
#~ "# Get a list of starting lines for each cert\n"
1034
#~ "CERTBEGINLIST=$(grep -n \"^# Certificate\" \"${certdata}\" | cut -d \":\" -f1)\n"
1035
#~ "\n"
1036
#~ "# Get a list of ending lines for each cert\n"
1037
#~ "CERTENDLIST=`grep -n \"^CKA_TRUST_STEP_UP_APPROVED\" \"${certdata}\" | cut -d \":\" -f 1`\n"
1038
#~ "\n"
1039
#~ "# Start a loop\n"
1040
#~ "for certbegin in ${CERTBEGINLIST}; do\n"
1041
#~ "  for certend in ${CERTENDLIST}; do\n"
1042
#~ "    if test \"${certend}\" -gt \"${certbegin}\"; then\n"
1043
#~ "      break\n"
1044
#~ "    fi\n"
1045
#~ "  done\n"
1046
#~ "\n"
1047
#~ "  # Dump to a temp file with the name of the file as the beginning line number\n"
1048
#~ "  sed -n \"${certbegin},${certend}p\" \"${certdata}\" > \"${TEMPDIR}/certs/${certbegin}.tmp\"\n"
1049
#~ "done\n"
1050
#~ "\n"
1051
#~ "unset CERTBEGINLIST CERTDATA CERTENDLIST certbegin certend\n"
1052
#~ "\n"
1053
#~ "mkdir -p certs\n"
1054
#~ "rm -f certs/*      # Make sure the directory is clean\n"
1055
#~ "\n"
1056
#~ "for tempfile in ${TEMPDIR}/certs/*.tmp; do\n"
1057
#~ "  # Make sure that the cert is trusted...\n"
1058
#~ "  grep \"CKA_TRUST_SERVER_AUTH\" \"${tempfile}\" | \\\n"
1059
#~ "    egrep \"TRUST_UNKNOWN|NOT_TRUSTED\" > /dev/null\n"
1060
#~ "\n"
1061
#~ "  if test \"${?}\" = \"0\"; then\n"
1062
#~ "    # Throw a meaningful error and remove the file\n"
1063
#~ "    cp \"${tempfile}\" tempfile.cer\n"
1064
#~ "    perl ${CONVERTSCRIPT} > tempfile.crt\n"
1065
#~ "    keyhash=$(openssl x509 -noout -in tempfile.crt -hash)\n"
1066
#~ "    echo \"Certificate ${keyhash} is not trusted!  Removing...\"\n"
1067
#~ "    rm -f tempfile.cer tempfile.crt \"${tempfile}\"\n"
1068
#~ "    continue\n"
1069
#~ "  fi\n"
1070
#~ "\n"
1071
#~ "  # If execution made it to here in the loop, the temp cert is trusted\n"
1072
#~ "  # Find the cert data and generate a cert file for it\n"
1073
#~ "\n"
1074
#~ "  cp \"${tempfile}\" tempfile.cer\n"
1075
#~ "  perl ${CONVERTSCRIPT} > tempfile.crt\n"
1076
#~ "  keyhash=$(openssl x509 -noout -in tempfile.crt -hash)\n"
1077
#~ "  mv tempfile.crt \"certs/${keyhash}.pem\"\n"
1078
#~ "  rm -f tempfile.cer \"${tempfile}\"\n"
1079
#~ "  echo \"Created ${keyhash}.pem\"\n"
1080
#~ "done\n"
1081
#~ "\n"
1082
#~ "# Remove blacklisted files\n"
1083
#~ "# MD5 Collision Proof of Concept CA\n"
1084
#~ "if test -f certs/8f111d69.pem; then\n"
1085
#~ "  echo \"Certificate 8f111d69 is not trusted!  Removing...\"\n"
1086
#~ "  rm -f certs/8f111d69.pem\n"
1087
#~ "fi\n"
1088
#~ "\n"
1089
#~ "# Finally, generate the bundle and clean up.\n"
1090
#~ "cat certs/*.pem >  ${BUNDLE}\n"
1091
#~ "rm -r \"${TEMPDIR}\"</literal>\n"
1092
#~ "EOF\n"
1093
#~ "\n"
1094
#~ "chmod +x /usr/bin/make-ca.sh</userinput>"
1095
#~ msgstr ""
1096
#~ "<userinput>cat > /usr/bin/make-ca.sh &lt;&lt; \"EOF\"\n"
1097
#~ "<literal>#!/bin/sh\n"
1098
#~ "# Begin make-ca.sh\n"
1099
#~ "# Script to populate OpenSSL's CApath from a bundle of PEM formatted CAs\n"
1100
#~ "#\n"
1101
#~ "# The file certdata.txt must exist in the local directory\n"
1102
#~ "# Version number is obtained from the version of the data.\n"
1103
#~ "#\n"
1104
#~ "# Authors: DJ Lucas\n"
1105
#~ "#          Bruce Dubbs\n"
1106
#~ "#\n"
1107
#~ "# Version 20120211\n"
1108
#~ "\n"
1109
#~ "# Some data in the certs have UTF-8 characters\n"
1110
#~ "export LANG=en_US.utf8\n"
1111
#~ "\n"
1112
#~ "certdata=\"certdata.txt\"\n"
1113
#~ "\n"
1114
#~ "if [ ! -r $certdata ]; then\n"
1115
#~ "  echo \"$certdata must be in the local directory\"\n"
1116
#~ "  exit 1\n"
1117
#~ "fi\n"
1118
#~ "\n"
1119
#~ "REVISION=$(grep CVS_ID $certdata | cut -f4 -d'$')\n"
1120
#~ "\n"
1121
#~ "if [ -z \"${REVISION}\" ]; then\n"
1122
#~ "  echo \"$certfile has no 'Revision' in CVS_ID\"\n"
1123
#~ "  exit 1\n"
1124
#~ "fi\n"
1125
#~ "\n"
1126
#~ "VERSION=$(echo $REVISION | cut -f2 -d\" \")\n"
1127
#~ "\n"
1128
#~ "TEMPDIR=$(mktemp -d)\n"
1129
#~ "TRUSTATTRIBUTES=\"CKA_TRUST_SERVER_AUTH\"\n"
1130
#~ "BUNDLE=\"BLFS-ca-bundle-${VERSION}.crt\"\n"
1131
#~ "CONVERTSCRIPT=\"/usr/bin/make-cert.pl\"\n"
1132
#~ "SSLDIR=\"/etc/ssl\"\n"
1133
#~ "\n"
1134
#~ "mkdir \"${TEMPDIR}/certs\"\n"
1135
#~ "\n"
1136
#~ "# Get a list of starting lines for each cert\n"
1137
#~ "CERTBEGINLIST=$(grep -n \"^# Certificate\" \"${certdata}\" | cut -d \":\" -f1)\n"
1138
#~ "\n"
1139
#~ "# Get a list of ending lines for each cert\n"
1140
#~ "CERTENDLIST=`grep -n \"^CKA_TRUST_STEP_UP_APPROVED\" \"${certdata}\" | cut -d \":\" -f 1`\n"
1141
#~ "\n"
1142
#~ "# Start a loop\n"
1143
#~ "for certbegin in ${CERTBEGINLIST}; do\n"
1144
#~ "  for certend in ${CERTENDLIST}; do\n"
1145
#~ "    if test \"${certend}\" -gt \"${certbegin}\"; then\n"
1146
#~ "      break\n"
1147
#~ "    fi\n"
1148
#~ "  done\n"
1149
#~ "\n"
1150
#~ "  # Dump to a temp file with the name of the file as the beginning line number\n"
1151
#~ "  sed -n \"${certbegin},${certend}p\" \"${certdata}\" > \"${TEMPDIR}/certs/${certbegin}.tmp\"\n"
1152
#~ "done\n"
1153
#~ "\n"
1154
#~ "unset CERTBEGINLIST CERTDATA CERTENDLIST certbegin certend\n"
1155
#~ "\n"
1156
#~ "mkdir -p certs\n"
1157
#~ "rm -f certs/*      # Make sure the directory is clean\n"
1158
#~ "\n"
1159
#~ "for tempfile in ${TEMPDIR}/certs/*.tmp; do\n"
1160
#~ "  # Make sure that the cert is trusted...\n"
1161
#~ "  grep \"CKA_TRUST_SERVER_AUTH\" \"${tempfile}\" | \\\n"
1162
#~ "    egrep \"TRUST_UNKNOWN|NOT_TRUSTED\" > /dev/null\n"
1163
#~ "\n"
1164
#~ "  if test \"${?}\" = \"0\"; then\n"
1165
#~ "    # Throw a meaningful error and remove the file\n"
1166
#~ "    cp \"${tempfile}\" tempfile.cer\n"
1167
#~ "    perl ${CONVERTSCRIPT} > tempfile.crt\n"
1168
#~ "    keyhash=$(openssl x509 -noout -in tempfile.crt -hash)\n"
1169
#~ "    echo \"Certificate ${keyhash} is not trusted!  Removing...\"\n"
1170
#~ "    rm -f tempfile.cer tempfile.crt \"${tempfile}\"\n"
1171
#~ "    continue\n"
1172
#~ "  fi\n"
1173
#~ "\n"
1174
#~ "  # If execution made it to here in the loop, the temp cert is trusted\n"
1175
#~ "  # Find the cert data and generate a cert file for it\n"
1176
#~ "\n"
1177
#~ "  cp \"${tempfile}\" tempfile.cer\n"
1178
#~ "  perl ${CONVERTSCRIPT} > tempfile.crt\n"
1179
#~ "  keyhash=$(openssl x509 -noout -in tempfile.crt -hash)\n"
1180
#~ "  mv tempfile.crt \"certs/${keyhash}.pem\"\n"
1181
#~ "  rm -f tempfile.cer \"${tempfile}\"\n"
1182
#~ "  echo \"Created ${keyhash}.pem\"\n"
1183
#~ "done\n"
1184
#~ "\n"
1185
#~ "# Remove blacklisted files\n"
1186
#~ "# MD5 Collision Proof of Concept CA\n"
1187
#~ "if test -f certs/8f111d69.pem; then\n"
1188
#~ "  echo \"Certificate 8f111d69 is not trusted!  Removing...\"\n"
1189
#~ "  rm -f certs/8f111d69.pem\n"
1190
#~ "fi\n"
1191
#~ "\n"
1192
#~ "# Finally, generate the bundle and clean up.\n"
1193
#~ "cat certs/*.pem >  ${BUNDLE}\n"
1194
#~ "rm -r \"${TEMPDIR}\"</literal>\n"
1195
#~ "EOF\n"
1196
#~ "\n"
1197
#~ "chmod +x /usr/bin/make-ca.sh</userinput>"
1198
 
1199
#~ msgid ""
1200
#~ "Add a short script to remove expired certificates from a directory.  Again "
1201
#~ "create this script as the <systemitem class=\"username\">root</systemitem> "
1202
#~ "user:"
1203
#~ msgstr ""
1204
#~ "Ajoutez un script bref pour supprimer les certificats expirés d'un "
1205
#~ "répertoire. Créez de nouveau ce script en tant qu'utilisateur <systemitem "
1206
#~ "class=\"username\">root</systemitem>&nbsp;:"
1207
 
1208
#~ msgid ""
1209
#~ "<userinput>cat > /usr/sbin/remove-expired-certs.sh &lt;&lt; \"EOF\"\n"
1210
#~ "<literal>#!/bin/sh\n"
1211
#~ "# Begin /usr/sbin/remove-expired-certs.sh\n"
1212
#~ "#\n"
1213
#~ "# Version 20120211\n"
1214
#~ "\n"
1215
#~ "# Make sure the date is parsed correctly on all systems\n"
1216
#~ "mydate()\n"
1217
#~ "{\n"
1218
#~ "  local y=$( echo $1 | cut -d\" \" -f4 )\n"
1219
#~ "  local M=$( echo $1 | cut -d\" \" -f1 )\n"
1220
#~ "  local d=$( echo $1 | cut -d\" \" -f2 )\n"
1221
#~ "  local m\n"
1222
#~ "\n"
1223
#~ "  if [ ${d} -lt 10 ]; then d=\"0${d}\"; fi\n"
1224
#~ "\n"
1225
#~ "  case $M in\n"
1226
#~ "    Jan) m=\"01\";;\n"
1227
#~ "    Feb) m=\"02\";;\n"
1228
#~ "    Mar) m=\"03\";;\n"
1229
#~ "    Apr) m=\"04\";;\n"
1230
#~ "    May) m=\"05\";;\n"
1231
#~ "    Jun) m=\"06\";;\n"
1232
#~ "    Jul) m=\"07\";;\n"
1233
#~ "    Aug) m=\"08\";;\n"
1234
#~ "    Sep) m=\"09\";;\n"
1235
#~ "    Oct) m=\"10\";;\n"
1236
#~ "    Nov) m=\"11\";;\n"
1237
#~ "    Dec) m=\"12\";;\n"
1238
#~ "  esac\n"
1239
#~ "\n"
1240
#~ "  certdate=\"${y}${m}${d}\"\n"
1241
#~ "}\n"
1242
#~ "\n"
1243
#~ "OPENSSL=/usr/bin/openssl\n"
1244
#~ "DIR=/etc/ssl/certs\n"
1245
#~ "\n"
1246
#~ "if [ $# -gt 0 ]; then\n"
1247
#~ "  DIR=\"$1\"\n"
1248
#~ "fi\n"
1249
#~ "\n"
1250
#~ "certs=$( find ${DIR} -type f -name \"*.pem\" -o -name \"*.crt\" )\n"
1251
#~ "today=$( date +%Y%m%d )\n"
1252
#~ "\n"
1253
#~ "for cert in $certs; do\n"
1254
#~ "  notafter=$( $OPENSSL x509 -enddate -in \"${cert}\" -noout )\n"
1255
#~ "  date=$( echo ${notafter} |  sed 's/^notAfter=//' )\n"
1256
#~ "  mydate \"$date\"\n"
1257
#~ "\n"
1258
#~ "  if [ ${certdate} -lt ${today} ]; then\n"
1259
#~ "     echo \"${cert} expired on ${certdate}! Removing...\"\n"
1260
#~ "     rm -f \"${cert}\"\n"
1261
#~ "  fi\n"
1262
#~ "done</literal>\n"
1263
#~ "EOF\n"
1264
#~ "\n"
1265
#~ "chmod u+x /usr/sbin/remove-expired-certs.sh</userinput>"
1266
#~ msgstr ""
1267
#~ "<userinput>cat > /usr/sbin/remove-expired-certs.sh &lt;&lt; \"EOF\"\n"
1268
#~ "<literal>#!/bin/sh\n"
1269
#~ "# Begin /usr/sbin/remove-expired-certs.sh\n"
1270
#~ "#\n"
1271
#~ "# Version 20120211\n"
1272
#~ "\n"
1273
#~ "# Make sure the date is parsed correctly on all systems\n"
1274
#~ "mydate()\n"
1275
#~ "{\n"
1276
#~ "  local y=$( echo $1 | cut -d\" \" -f4 )\n"
1277
#~ "  local M=$( echo $1 | cut -d\" \" -f1 )\n"
1278
#~ "  local d=$( echo $1 | cut -d\" \" -f2 )\n"
1279
#~ "  local m\n"
1280
#~ "\n"
1281
#~ "  if [ ${d} -lt 10 ]; then d=\"0${d}\"; fi\n"
1282
#~ "\n"
1283
#~ "  case $M in\n"
1284
#~ "    Jan) m=\"01\";;\n"
1285
#~ "    Feb) m=\"02\";;\n"
1286
#~ "    Mar) m=\"03\";;\n"
1287
#~ "    Apr) m=\"04\";;\n"
1288
#~ "    May) m=\"05\";;\n"
1289
#~ "    Jun) m=\"06\";;\n"
1290
#~ "    Jul) m=\"07\";;\n"
1291
#~ "    Aug) m=\"08\";;\n"
1292
#~ "    Sep) m=\"09\";;\n"
1293
#~ "    Oct) m=\"10\";;\n"
1294
#~ "    Nov) m=\"11\";;\n"
1295
#~ "    Dec) m=\"12\";;\n"
1296
#~ "  esac\n"
1297
#~ "\n"
1298
#~ "  certdate=\"${y}${m}${d}\"\n"
1299
#~ "}\n"
1300
#~ "\n"
1301
#~ "OPENSSL=/usr/bin/openssl\n"
1302
#~ "DIR=/etc/ssl/certs\n"
1303
#~ "\n"
1304
#~ "if [ $# -gt 0 ]; then\n"
1305
#~ "  DIR=\"$1\"\n"
1306
#~ "fi\n"
1307
#~ "\n"
1308
#~ "certs=$( find ${DIR} -type f -name \"*.pem\" -o -name \"*.crt\" )\n"
1309
#~ "today=$( date +%Y%m%d )\n"
1310
#~ "\n"
1311
#~ "for cert in $certs; do\n"
1312
#~ "  notafter=$( $OPENSSL x509 -enddate -in \"${cert}\" -noout )\n"
1313
#~ "  date=$( echo ${notafter} |  sed 's/^notAfter=//' )\n"
1314
#~ "  mydate \"$date\"\n"
1315
#~ "\n"
1316
#~ "  if [ ${certdate} -lt ${today} ]; then\n"
1317
#~ "     echo \"${cert} expired on ${certdate}! Removing...\"\n"
1318
#~ "     rm -f \"${cert}\"\n"
1319
#~ "  fi\n"
1320
#~ "done</literal>\n"
1321
#~ "EOF\n"
1322
#~ "\n"
1323
#~ "chmod u+x /usr/sbin/remove-expired-certs.sh</userinput>"
1324
 
1325
#~ msgid ""
1326
#~ "The following commands will fetch the certificates and convert them to the "
1327
#~ "correct format.  If desired, a web browser may be used instead of "
1328
#~ "<application>wget</application> but the file will need to be saved with the "
1329
#~ "name <filename>certdata.txt</filename>.  These commands can be repeated as "
1330
#~ "necessary to update the CA Certificates."
1331
#~ msgstr ""
1332
#~ "Les commandes suivantes récupéreront les certificats et les convertiront "
1333
#~ "dans le bon format.  Si vous le désirez, vous pouvez utiliser un navigateur "
1334
#~ "Internet plutôt que <application>wget</application> mais le fichier devra "
1335
#~ "être enregistré sous le nom <filename>certdata.txt</filename>.  Ces "
1336
#~ "commandes peuvent être répétées autant de fois que nécessaire pour mettre à "
1337
#~ "jour les Certificats CA."
1338
 
1339
#~ msgid ""
1340
#~ "<userinput>URL=&sources-anduin-http;/other/certdata.txt &amp;&amp;\n"
1341
#~ "rm -f certdata.txt &amp;&amp;\n"
1342
#~ "wget $URL          &amp;&amp;\n"
1343
#~ "make-ca.sh         &amp;&amp;\n"
1344
#~ "unset URL</userinput>"
1345
#~ msgstr ""
1346
#~ "<userinput>URL=&sources-anduin-http;/other/certdata.txt &amp;&amp;\n"
1347
#~ "rm -f certdata.txt &amp;&amp;\n"
1348
#~ "wget $URL          &amp;&amp;\n"
1349
#~ "make-ca.sh         &amp;&amp;\n"
1350
#~ "unset URL</userinput>"
1351
 
1352
#~ msgid ""
1353
#~ "<userinput>SSLDIR=/etc/ssl                                              &amp;&amp;\n"
1354
#~ "remove-expired-certs.sh certs                                &amp;&amp;\n"
1355
#~ "install -d ${SSLDIR}/certs                                   &amp;&amp;\n"
1356
#~ "cp -v certs/*.pem ${SSLDIR}/certs                            &amp;&amp;\n"
1357
#~ "c_rehash                                                     &amp;&amp;\n"
1358
#~ "install BLFS-ca-bundle*.crt ${SSLDIR}/ca-bundle.crt          &amp;&amp;\n"
1359
#~ "ln -sfv ../ca-bundle.crt ${SSLDIR}/certs/ca-certificates.crt &amp;&amp;\n"
1360
#~ "unset SSLDIR</userinput>"
1361
#~ msgstr ""
1362
#~ "<userinput>SSLDIR=/etc/ssl                                              &amp;&amp;\n"
1363
#~ "remove-expired-certs.sh certs                                &amp;&amp;\n"
1364
#~ "install -d ${SSLDIR}/certs                                   &amp;&amp;\n"
1365
#~ "cp -v certs/*.pem ${SSLDIR}/certs                            &amp;&amp;\n"
1366
#~ "c_rehash                                                     &amp;&amp;\n"
1367
#~ "install BLFS-ca-bundle*.crt ${SSLDIR}/ca-bundle.crt          &amp;&amp;\n"
1368
#~ "ln -sfv ../ca-bundle.crt ${SSLDIR}/certs/ca-certificates.crt &amp;&amp;\n"
1369
#~ "unset SSLDIR</userinput>"
1370
 
1371
#~ msgid "Finally, clean up the current directory:"
1372
#~ msgstr "Enfin, nettoyez le répertoire courant&nbsp;:"
1373
 
1374
#~ msgid "<userinput>rm -r certs BLFS-ca-bundle*</userinput>"
1375
#~ msgstr "<userinput>rm -r certs BLFS-ca-bundle*</userinput>"
1376
 
1377
#~ msgid ""
1378
#~ "After installing or updating certificates, if OpenJDK is installed, update "
1379
#~ "the certificates for Java using the procedures at <xref linkend='ojdk-"
1380
#~ "certs'/>."
1381
#~ msgstr ""
1382
#~ "Après l'installation ou la mise à jour des certificats, si OpenJDK est "
1383
#~ "installé, mettez à jour les certificats pour Java en utilisant la procédure "
1384
#~ "dans <xref linkend=\"ojdk-certs\"/>."
1385
 
1386
#~ msgid "make-ca.sh, make-cert.pl and remove-expired-certs.sh"
1387
#~ msgstr "make-ca.sh, make-cert.pl et remove-expired-certs.sh"
1388
 
1389
#~ msgid "<command>make-cert.pl</command>"
1390
#~ msgstr "<command>make-cert.pl</command>"
1391
 
1392
#~ msgid ""
1393
#~ "is a utility <application>perl</application> script that converts a single "
1394
#~ "binary certificate (.der format) into .pem format."
1395
#~ msgstr ""
1396
#~ "est un script <application>perl</application> qui convertit un certificat "
1397
#~ "binaire unique (format .der) au format .pem."
1398
 
1399
#~ msgid "make-cert"
1400
#~ msgstr "make-cert"
1401
 
1402
#~ msgid "<command>remove-expired-certs.sh</command>"
1403
#~ msgstr "<command>remove-expired-certs.sh</command>"
1404
 
1405
#~ msgid ""
1406
#~ "is a utility shell script that removes expired certificates from a "
1407
#~ "directory.  The default directory is <filename "
1408
#~ "class='directory'>/etc/ssl/certs</filename>."
1409
#~ msgstr ""
1410
#~ "est un script shell qui supprime les certificats expirés d'un répertoire. Le"
1411
#~ " répertoire par défaut est <filename "
1412
#~ "class='directory'>/etc/ssl/certs</filename>."
1413
 
1414
#~ msgid "remove-expired-certs"
1415
#~ msgstr "remove-expired-certs"