Subversion Repositories svn LFS-FR

Rev

Rev 8074 | Rev 8093 | Go to most recent revision | Details | Compare with Previous | Last modification | View Log | RSS feed

Rev Author Line No. Line
7355 jlepiller 1
# SOME DESCRIPTIVE TITLE
2
# Copyright (C) YEAR Free Software Foundation, Inc.
3
# This file is distributed under the same license as the PACKAGE package.
4
# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
5
#
6
msgid ""
7
msgstr ""
8
"Project-Id-Version: PACKAGE VERSION\n"
8083 jlepiller 9
"POT-Creation-Date: 2019-09-11 04:05+0000\n"
7882 jlepiller 10
"PO-Revision-Date: 2019-04-15 08:14+0000\n"
7355 jlepiller 11
"Last-Translator: roptat <roptat@lepiller.eu>\n"
12
"Language-Team: LANGUAGE <LL@li.org>\n"
13
"Language: fr\n"
14
"MIME-Version: 1.0\n"
15
"Content-Type: text/plain; charset=UTF-8\n"
16
"Content-Transfer-Encoding: 8bit\n"
17
"Plural-Forms: nplurals=2; plural=(n > 1);\n"
18
"X-Generator: Pootle 2.8\n"
7882 jlepiller 19
"X-POOTLE-MTIME: 1555316043.769430\n"
7355 jlepiller 20
 
21
#. type: Content of the certhost entity
22
#: blfs-en/postlfs/security/make-ca.xml:7
23
msgid "https://hg.mozilla.org/"
24
msgstr "https://hg.mozilla.org/"
25
 
26
#. type: Content of the certpath entity
27
#: blfs-en/postlfs/security/make-ca.xml:8
28
msgid "/lib/ckfw/builtins/certdata.txt"
29
msgstr "/lib/ckfw/builtins/certdata.txt"
30
 
31
#. type: Content of the make-ca-buildsize entity
32
#: blfs-en/postlfs/security/make-ca.xml:9
33
msgid "6.6 MB (with all runtime deps)"
34
msgstr "6.6 Mo (avec toutes les dépendances à l'exécution)"
35
 
36
#. type: Content of the make-ca-time entity
37
#: blfs-en/postlfs/security/make-ca.xml:10
7605 jlepiller 38
msgid "0.1 SBU (with all runtime deps)"
39
msgstr "0.1 SBU (avec toutes les dépendances à l'exécution)"
7355 jlepiller 40
 
41
#. type: Content of the make-ca-download entity
42
#: blfs-en/postlfs/security/make-ca.xml:12
43
msgid ""
7687 jlepiller 44
"https://github.com/djlucas/make-ca/releases/download/v&make-ca-"
45
"version;/make-ca-&make-ca-version;.tar.xz"
7355 jlepiller 46
msgstr ""
7687 jlepiller 47
"https://github.com/djlucas/make-ca/releases/download/v&make-ca-"
48
"version;/make-ca-&make-ca-version;.tar.xz"
7355 jlepiller 49
 
50
#. type: Content of the make-ca-size entity
51
#: blfs-en/postlfs/security/make-ca.xml:13
8083 jlepiller 52
msgid "32 KB"
53
msgstr "32 Ko"
7355 jlepiller 54
 
55
#. type: Content of the make-ca-md5sum entity
56
#: blfs-en/postlfs/security/make-ca.xml:14
8083 jlepiller 57
msgid "0d50d9e0c9ebd6059fe4116353f2d5be"
58
msgstr "0d50d9e0c9ebd6059fe4116353f2d5be"
7355 jlepiller 59
 
60
#. type: Content of: <sect1><sect1info>
61
#: blfs-en/postlfs/security/make-ca.xml:21
8083 jlepiller 62
#| msgid ""
63
#| "<othername>$LastChangedBy: bdubbs $</othername> <date>$Date: 2019-08-16 "
64
#| "22:28:01 +0000 (Fri, 16 Aug 2019) $</date>"
7355 jlepiller 65
msgid ""
8083 jlepiller 66
"<othername>$LastChangedBy: dj $</othername> <date>$Date: 2019-09-11 03:18:23"
67
" +0000 (Wed, 11 Sep 2019) $</date>"
7355 jlepiller 68
msgstr ""
8083 jlepiller 69
"<othername>$LastChangedBy: dj $</othername> <date>$Date: 2019-09-11 03:18:23"
70
" +0000 (Wed, 11 Sep 2019) $</date>"
7355 jlepiller 71
 
7360 jlepiller 72
#. type: Content of: <sect1><title>
73
#: blfs-en/postlfs/security/make-ca.xml:25
74
msgid "make-ca-&make-ca-version;"
75
msgstr "make-ca-&make-ca-version;"
76
 
7355 jlepiller 77
#. type: Content of:
78
#. <sect1><sect2><variablelist><varlistentry><listitem><indexterm><primary>
7360 jlepiller 79
#: blfs-en/postlfs/security/make-ca.xml:27
8052 jlepiller 80
#: blfs-en/postlfs/security/make-ca.xml:261
81
#: blfs-en/postlfs/security/make-ca.xml:279
7355 jlepiller 82
msgid "make-ca"
83
msgstr "make-ca"
84
 
7360 jlepiller 85
#. type: Content of: <sect1><sect2><title>
86
#: blfs-en/postlfs/security/make-ca.xml:31
87
msgid "Introduction to make-ca"
88
msgstr "Introduction à make-ca"
89
 
90
#. type: Content of: <sect1><sect2><para>
91
#: blfs-en/postlfs/security/make-ca.xml:34
7355 jlepiller 92
msgid ""
93
"Public Key Infrastructure (PKI) is a method to validate the authenticity of "
94
"an otherwise unknown entity across untrusted networks. PKI works by "
95
"establishing a chain of trust, rather than trusting each individual host or "
96
"entity explicitly. In order for a certificate presented by a remote entity "
97
"to be trusted, that certificate must present a complete chain of "
98
"certificates that can be validated using the root certificate of a "
99
"Certificate Authority (CA) that is trusted by the local machine."
100
msgstr ""
101
"Une Infrastructure à Clés Publiques (PKI) est une méthode pour valider "
102
"l'authenticité d'une entité autrement inconnue au travers de réseaux qui ne "
103
"sont pas de confiance. La PKI fonctionne en établissant une chaîne de "
104
"confiance, plutôt que de faire confiance individuellement à chaque hôte ou "
105
"entité de manière explicite. Pour qu'un certificat présenté par une entité "
106
"distante soit reconnu, le certificat doit présenter une chaîne complète de "
107
"certificats qui peuvent être validé en utilisant le certificat racine d'une "
108
"autorité de certification (CA) en laquelle la machine locale a confiance."
109
 
7360 jlepiller 110
#. type: Content of: <sect1><sect2><para>
111
#: blfs-en/postlfs/security/make-ca.xml:44
7355 jlepiller 112
msgid ""
113
"Establishing trust with a CA involves validating things like company "
114
"address, ownership, contact information, etc., and ensuring that the CA has "
115
"followed best practices, such as undergoing periodic security audits by "
116
"independent investigators and maintaining an always available certificate "
117
"revocation list. This is well outside the scope of BLFS (as it is for most "
118
"Linux distributions). The certificate store provided here is taken from the "
119
"Mozilla Foundation, who have established very strict inclusion policies "
120
"described <ulink url=\"https://www.mozilla.org/en-"
121
"US/about/governance/policies/security-group/certs/\">here</ulink>."
122
msgstr ""
123
"L'établissement de la confiance avec une CA nécessite de valider des choses "
124
"comme l'adresse de la compagnie, la propriété, les informations de contact, "
125
"etc, et de s'assurer que la CA a suivi les bonnes pratiques, comme des "
126
"audits de sécurité périodiques par des enquêteurs indépendants et le "
127
"maintient d'une liste de révocation de certificats toujours disponible. Ceci"
128
" est bien au delà de la portée de BLFS (comme pour la plupart des "
129
"distributions Linux). Le magasin de certificats fournit ici est emprunté à "
130
"la fondation Mozilla, qui ont établit une politique d'inclusion très stricte"
131
" décrite <ulink url=\"https://www.mozilla.org/en-"
132
"US/about/governance/policies/security-group/certs/\">ici</ulink>."
133
 
134
#. type: Content of: <sect1><sect2><bridgehead>
7360 jlepiller 135
#: blfs-en/postlfs/security/make-ca.xml:57
7355 jlepiller 136
msgid "Package Information"
137
msgstr "Informations sur le paquet"
138
 
139
#. type: Content of: <sect1><sect2><itemizedlist><listitem><para>
7360 jlepiller 140
#: blfs-en/postlfs/security/make-ca.xml:60
7355 jlepiller 141
msgid "Download (HTTP): <ulink url=\"&make-ca-download;\"/>"
142
msgstr "Téléchargement (HTTP)&nbsp;: <ulink url=\"&make-ca-download;\"/>"
143
 
144
#. type: Content of: <sect1><sect2><itemizedlist><listitem><para>
7360 jlepiller 145
#: blfs-en/postlfs/security/make-ca.xml:63
7355 jlepiller 146
msgid "Download size: &make-ca-size;"
147
msgstr "Taille du téléchargement&nbsp;: &make-ca-size;"
148
 
149
#. type: Content of: <sect1><sect2><itemizedlist><listitem><para>
7360 jlepiller 150
#: blfs-en/postlfs/security/make-ca.xml:66
7355 jlepiller 151
msgid "Download MD5 Sum: &make-ca-md5sum;"
152
msgstr "Somme MD5 du téléchargement&nbsp;: &make-ca-md5sum;"
153
 
154
#. type: Content of: <sect1><sect2><itemizedlist><listitem><para>
7360 jlepiller 155
#: blfs-en/postlfs/security/make-ca.xml:69
7355 jlepiller 156
msgid "Estimated disk space required: &make-ca-buildsize;"
157
msgstr "Estimation de l'espace disque requis&nbsp;: &make-ca-buildsize;"
158
 
159
#. type: Content of: <sect1><sect2><itemizedlist><listitem><para>
7360 jlepiller 160
#: blfs-en/postlfs/security/make-ca.xml:72
7355 jlepiller 161
msgid "Estimated build time: &make-ca-time;"
162
msgstr "Estimation du temps de construction&nbsp;: &make-ca-time;"
163
 
164
#. type: Content of: <sect1><sect2><bridgehead>
7360 jlepiller 165
#: blfs-en/postlfs/security/make-ca.xml:76
7355 jlepiller 166
msgid "make-ca Dependencies"
167
msgstr "Dépendances de make-ca"
168
 
169
#. type: Content of: <sect1><sect2><bridgehead>
7605 jlepiller 170
#: blfs-en/postlfs/security/make-ca.xml:78
7630 jlepiller 171
msgid "Required"
172
msgstr "Requises"
7605 jlepiller 173
 
174
#. type: Content of: <sect1><sect2><para>
175
#: blfs-en/postlfs/security/make-ca.xml:79
176
msgid ""
177
"<xref linkend=\"p11-kit\"/> (required at runtime to generate certificate "
178
"stores from trust anchors)"
179
msgstr ""
180
"<xref linkend=\"p11-kit\"/> (requis à l'exécution pour générer des banques "
181
"de certificats à partir d'ancres de confiance)"
182
 
183
#. type: Content of: <sect1><sect2><bridgehead>
7630 jlepiller 184
#: blfs-en/postlfs/security/make-ca.xml:83
7355 jlepiller 185
msgid "Optional (runtime)"
186
msgstr "Facultatives (exécution)"
187
 
188
#. type: Content of: <sect1><sect2><para>
7630 jlepiller 189
#: blfs-en/postlfs/security/make-ca.xml:85
7355 jlepiller 190
msgid ""
191
"<xref role=\"runtime\" linkend=\"java\"/> or <xref role=\"runtime\" "
7605 jlepiller 192
"linkend=\"openjdk\"/> (to generate a java PKCS#12 store), and <xref "
193
"role=\"runtime\" linkend=\"nss\"/> (to generate a shared NSSDB)"
7355 jlepiller 194
msgstr ""
195
"<xref role=\"runtime\" linkend=\"java\"/> ou <xref role=\"runtime\" "
7605 jlepiller 196
"linkend=\"openjdk\"/> (pour générer une banque PKCS#12 java) et <xref "
197
"role=\"runtime\" linkend=\"nss\"/> (pour générer un NSSDB partagé)"
7355 jlepiller 198
 
199
#. type: Content of: <sect1><sect2><para>
7630 jlepiller 200
#: blfs-en/postlfs/security/make-ca.xml:91
7355 jlepiller 201
msgid "User Notes: <ulink url='&blfs-wiki;/make-ca'/>"
202
msgstr "Notes utilisateur&nbsp;: <ulink url='&blfs-wiki;/make-ca'/>"
203
 
204
#. type: Content of: <sect1><sect2><title>
7630 jlepiller 205
#: blfs-en/postlfs/security/make-ca.xml:96
7355 jlepiller 206
msgid "Installation of make-ca"
207
msgstr "Installation de make-ca"
208
 
209
#. type: Content of: <sect1><sect2><para>
7630 jlepiller 210
#: blfs-en/postlfs/security/make-ca.xml:98
7355 jlepiller 211
msgid ""
212
"The <application>make-ca</application> script will download and process the "
213
"certificates included in the <filename>certdata.txt</filename> file for use "
7605 jlepiller 214
"as trust anchors for the <xref linkend=\"p11-kit\"/> trust module. "
215
"Additionally, it will generate system certificate stores used by BLFS "
216
"applications (if the recommended and optional applications are present on "
217
"the system). Any local certificates stored in "
218
"<filename>/etc/ssl/local</filename> will be imported to both the trust "
7881 jlepiller 219
"anchors and the generated certificate stores (overriding Mozilla's trust). "
220
"Additionally, any modified trust values will be copied from the trust "
221
"anchors to <filename>/etc/ssl/local</filename> prior to any updates, "
222
"preserving custom trust values that differ from Mozilla when using the "
223
"<command>trust</command> utility from <application>p11-kit</application> to "
224
"operate on the trust store."
7355 jlepiller 225
msgstr ""
7605 jlepiller 226
"Le script <application>make-ca</application> téléchargera et adaptera les "
227
"certificats inclus dans le fichier <filename>certdata.txt</filename> pour "
228
"l'utiliser comme ancre de confiance dans le module de confiance de <xref "
229
"linkend=\"p11-kit\"/>. En plus, il générera les banques de certificats du "
230
"système utilisées par les application de BLFS (si les applications "
231
"recommandées et facultatives sont présentes sur le système). Tout certificat"
232
" local stocké dans <filename>/etc/ssl/local</filename> sera importé dans les"
233
" ancres de confiance et dans les banques de certificats générées (en "
7882 jlepiller 234
"remplaçant la confiance de Mozilla). En plus, toute valeur de confiance "
235
"modifiée sera copiée des ancres de confiance vers "
236
"<filename>/etc/ssl/local</filename> avant toute mise à jour, ce qui "
237
"préservera les modifications de valeurs de confiance différentes de celles "
238
"de Mozilla lorsque vous utiliserez l'utilitaire <command>trust</command> de "
239
"<application>p11-kit</application> pour effectuer des opération sur la "
240
"banque de certificats."
7355 jlepiller 241
 
242
#. type: Content of: <sect1><sect2><para>
7881 jlepiller 243
#: blfs-en/postlfs/security/make-ca.xml:112
7355 jlepiller 244
msgid ""
245
"To install the various certificate stores, first install the "
246
"<application>make-ca</application> script into the correct location.  As the"
247
" <systemitem class=\"username\">root</systemitem> user:"
248
msgstr ""
249
"Pour installer les divers magasins de certificats, installez le script "
250
"<application>make-ca</application> au bon endroit. En tant qu'utilisateur "
251
"<systemitem class=\"username\">root</systemitem>&nbsp;:"
252
 
253
#. type: Content of: <sect1><sect2><screen>
7881 jlepiller 254
#: blfs-en/postlfs/security/make-ca.xml:116
7355 jlepiller 255
#, no-wrap
7881 jlepiller 256
msgid ""
257
"<userinput>make install &amp;&amp;\n"
258
"install -vdm755 /etc/ssl/local</userinput>"
259
msgstr ""
260
"<userinput>make install &amp;&amp;\n"
261
"install -vdm755 /etc/ssl/local</userinput>"
7355 jlepiller 262
 
263
#. type: Content of: <sect1><sect2><para>
7881 jlepiller 264
#: blfs-en/postlfs/security/make-ca.xml:119
7355 jlepiller 265
msgid ""
7605 jlepiller 266
"As the <systemitem class=\"username\">root</systemitem> user, after "
267
"installing <xref linkend=\"p11-kit\"/>, download the certificate source and "
268
"prepare for system use with the following command:"
7355 jlepiller 269
msgstr ""
270
"En tant qu'utilisateur <systemitem class=\"username\">root</systemitem>, "
7605 jlepiller 271
"après l'installation de <xref linkend=\"p11-kit\"/>, téléchargez la banque "
272
"de certificats et préparez-la à être utilisée par le système avec la "
273
"commande suivante&nbsp;:"
7355 jlepiller 274
 
275
#. type: Content of: <sect1><sect2><note><para>
7881 jlepiller 276
#: blfs-en/postlfs/security/make-ca.xml:124
7355 jlepiller 277
msgid ""
278
"If running the script a second time with the same version of "
279
"<filename>certdata.txt</filename>, for instance, to add additional stores as"
7605 jlepiller 280
" the requisite software is installed, add the <parameter>-r</parameter> "
7355 jlepiller 281
"switch to the command line. If packaging, run <command>make-ca "
282
"--help</command> to see all available command line options."
283
msgstr ""
284
"Si vous lancez le script une deuxième fois avec la même version de "
7605 jlepiller 285
"<filename>certdata.txt</filename>, par exemple pour ajouter des banques "
7355 jlepiller 286
"supplémentaires parce que le logiciel requis est installé, ajoutez l'option "
7605 jlepiller 287
"<parameter>-r</parameter> à la ligne de commande. Si vous créez un paquet, "
7355 jlepiller 288
"lancez <command>make-ca --help</command> pour voir toutes les options de la "
289
"ligne de commande disponibles."
290
 
291
#. type: Content of: <sect1><sect2><screen>
7881 jlepiller 292
#: blfs-en/postlfs/security/make-ca.xml:131
7355 jlepiller 293
#, no-wrap
7465 jlepiller 294
msgid "<userinput>/usr/sbin/make-ca -g</userinput>"
295
msgstr "<userinput>/usr/sbin/make-ca -g</userinput>"
7355 jlepiller 296
 
297
#. type: Content of: <sect1><sect2><para>
7881 jlepiller 298
#: blfs-en/postlfs/security/make-ca.xml:134
7355 jlepiller 299
msgid ""
7716 jlepiller 300
"Previous versions of BLFS used the path <filename>/etc/ssl/ca-"
7687 jlepiller 301
"bundle.crt</filename> for the <xref linkend=\"gnutls\"/> certificate store. "
302
"If software is still installed that references this file, create a "
7800 jlepiller 303
"compatibility symlink for the old location as the <systemitem "
7687 jlepiller 304
"class=\"username\">root</systemitem> user:"
305
msgstr ""
7692 jlepiller 306
"Les versions précédentes de BLFS utilisaient le chemin "
307
"<filename>/etc/ssl/ca-bundle.crt</filename> pour le dépôt des certificats de"
308
" <xref linkend=\"gnutls\"/>. Si des logiciels référençant ce fichier sont "
309
"toujours installés, créez un lien symbolique de compatibilité pour l'ancien "
310
"emplacement en tant qu'utilisateur <systemitem "
311
"class=\"username\">root</systemitem>&nbsp;:"
7687 jlepiller 312
 
313
#. type: Content of: <sect1><sect2><screen>
7881 jlepiller 314
#: blfs-en/postlfs/security/make-ca.xml:140
7687 jlepiller 315
#, no-wrap
316
msgid ""
8052 jlepiller 317
"<userinput>ln -sfv /etc/pki/tls/certs/ca-bundle.crt /etc/ssl/ca-"
318
"bundle.crt</userinput>"
7687 jlepiller 319
msgstr ""
8052 jlepiller 320
"<userinput>ln -sfv /etc/pki/tls/certs/ca-bundle.crt /etc/ssl/ca-"
321
"bundle.crt</userinput>"
7687 jlepiller 322
 
323
#. type: Content of: <sect1><sect2><para>
8052 jlepiller 324
#: blfs-en/postlfs/security/make-ca.xml:142
7687 jlepiller 325
msgid ""
7881 jlepiller 326
"You should periodically update the store with the above command, either "
7355 jlepiller 327
"manually, or via a <phrase revision=\"sysv\">cron job.</phrase> <phrase "
328
"revision=\"systemd\">systemd timer. A timer is installed at "
7724 jlepiller 329
"<filename>/usr/lib/systemd/system/update-pki.timer</filename> that, if "
330
"enabled, will check for updates weekly. </phrase><phrase "
331
"revision=\"sysv\">If you've installed <xref linkend=\"fcron\"/> and "
332
"completed the section on periodic jobs, execute</phrase><phrase "
333
"revision=\"systemd\">Execute</phrase> the following commands, as the "
334
"<systemitem class=\"username\">root</systemitem> user, to <phrase "
335
"revision=\"sysv\">create a weekly cron job:</phrase> <phrase "
336
"revision=\"systemd\">enable the systemd timer:</phrase>"
7355 jlepiller 337
msgstr ""
7882 jlepiller 338
"Vous devriez mettre à jour régulièrement la banque de certificats avec la "
339
"commande ci-dessus soit manuellement, soit via <phrase revision=\"sysv\">une"
340
" tâche cron.</phrase><phrase revision=\"systemd\">un timer systemd. Un timer"
341
" est installé dans <filename>/usr/lib/systemd/system/update-"
342
"pki.timer</filename> et s'il est activé, il vérifiera les mises à jour une "
343
"fois par semaine.</phrase><phrase revision=\"sysv\">Si vous avez installé "
344
"<xref linkend=\"fcron\"/> et complété la section sur les travaux "
345
"périodiques, exécutez</phrase><phrase revision=\"systemd\">Exécutez</phrase>"
346
" les commandes suivantes, en tant qu'utilisateur <systemitem "
7725 jlepiller 347
"class=\"username\">root</systemitem> pour <phrase revision=\"sysv\">créer "
348
"une tache cron hebdomadaire&nbsp;:</phrase><phrase "
349
"revision=\"systemd\">activer le timer systemd&nbsp;:</phrase>"
7355 jlepiller 350
 
7724 jlepiller 351
#. type: Content of: <sect1><sect2><screen>
8052 jlepiller 352
#: blfs-en/postlfs/security/make-ca.xml:155
7724 jlepiller 353
#, no-wrap
354
msgid ""
7740 jlepiller 355
"<userinput>install -vdm755 /etc/cron.weekly                       &amp;&amp;\n"
356
"cat &gt; /etc/cron.weekly/update-pki.sh &lt;&lt; \"EOF\" &amp;&amp;\n"
7724 jlepiller 357
"<literal>#!/bin/bash\n"
358
"/usr/sbin/make-ca -g</literal>\n"
359
"EOF\n"
360
"chmod 754 /etc/cron.weekly/update-pki.sh</userinput>"
361
msgstr ""
7740 jlepiller 362
"<userinput>install -vdm755 /etc/cron.weekly                       &amp;&amp;\n"
363
"cat &gt; /etc/cron.weekly/update-pki.sh &lt;&lt; \"EOF\" &amp;&amp;\n"
7724 jlepiller 364
"<literal>#!/bin/bash\n"
365
"/usr/sbin/make-ca -g</literal>\n"
366
"EOF\n"
367
"chmod 754 /etc/cron.weekly/update-pki.sh</userinput>"
368
 
369
#. type: Content of: <sect1><sect2><screen>
8052 jlepiller 370
#: blfs-en/postlfs/security/make-ca.xml:162
7724 jlepiller 371
#, no-wrap
372
msgid "<userinput>systemctl enable update-pki.timer</userinput>"
373
msgstr "<userinput>systemctl enable update-pki.timer</userinput>"
374
 
7687 jlepiller 375
#. type: Content of: <sect1><sect2><title>
8052 jlepiller 376
#: blfs-en/postlfs/security/make-ca.xml:167
7687 jlepiller 377
msgid "Configuring make-ca"
378
msgstr "Configuration de make-ca"
379
 
7355 jlepiller 380
#. type: Content of: <sect1><sect2><para>
8052 jlepiller 381
#: blfs-en/postlfs/security/make-ca.xml:169
7355 jlepiller 382
msgid ""
7800 jlepiller 383
"For most users, no additional configuration is necessary, however, the "
7687 jlepiller 384
"default <filename>certdata.txt</filename> file provided by make-ca is "
7355 jlepiller 385
"obtained from the mozilla-release branch, and is modified to provide a "
7687 jlepiller 386
"Mercurial revision. This will be the correct version for most systems.  "
387
"There are several other variants of the file available for use that might be"
388
" preferred for one reason or another, including the files shipped with "
389
"Mozilla products in this book. RedHat and OpenSUSE, for instance, use the "
390
"version included in <xref linkend=\"nss\"/>. Additional upstream downloads "
391
"are available at the links included in <filename>/etc/make-"
392
"ca.conf.dist</filename>. Simply copy the file to <filename>/etc/make-"
393
"ca.conf</filename> and edit as appropriate."
7355 jlepiller 394
msgstr ""
7802 jlepiller 395
"Pour la plupart des utilisateurs, aucune configuration supplémentaire n'est "
396
"nécessaire, cependant le fichier <filename>certdata.txt</filename> par "
397
"défaut fournit par make-ca est obtenu à partir de la branche mozilla-"
398
"release, et est modifié pour fournir une révision Mercurial. Ce sera la "
399
"bonne version pour la plupart des systèmes. Il y a plusieurs variantes du "
400
"fichier disponibles à l'utilisation que vous pourriez préférer pour une "
401
"raison ou une autre, incluses dans les produits Mozilla dans ce livre. "
402
"RedHat et OpenSUSE par exemple utilisent la version incluse dans <xref "
403
"linkend=\"nss\"/>. Des emplacements de téléchargement supplémentaires sont "
404
"disponibles dans les liens inclus dans <filename>/etc/make-"
405
"ca.conf.dist</filename>. Copiez simplement ce fichier vers "
406
"<filename>/etc/make-ca.conf</filename> et modifiez-le comme vous le voulez."
7355 jlepiller 407
 
7687 jlepiller 408
#. type: Content of: <sect1><sect2><indexterm><primary>
8052 jlepiller 409
#: blfs-en/postlfs/security/make-ca.xml:182
7687 jlepiller 410
msgid "/etc/make-ca.conf"
411
msgstr "/etc/make-ca.conf"
7355 jlepiller 412
 
7800 jlepiller 413
#. type: Content of: <sect1><sect2><bridgehead>
8052 jlepiller 414
#: blfs-en/postlfs/security/make-ca.xml:185
7800 jlepiller 415
msgid "About Trust Arguments"
7802 jlepiller 416
msgstr "À propos des arguments sur la confiance"
7800 jlepiller 417
 
418
#. type: Content of: <sect1><sect2><para>
8052 jlepiller 419
#: blfs-en/postlfs/security/make-ca.xml:187
7800 jlepiller 420
msgid ""
421
"There are three trust types that are recognized by the <application>make-"
422
"ca</application> script, SSL/TLS, S/Mime, and code signing. For "
423
"<application>OpenSSL</application>, these are "
424
"<parameter>serverAuth</parameter>, <parameter>emailProtection</parameter>, "
425
"and <parameter>codeSigning</parameter> respectively. If one of the three "
426
"trust arguments is omitted, the certificate is neither trusted, nor rejected"
427
" for that role. Clients that use <application>OpenSSL</application> or "
428
"<application>NSS</application> encountering this certificate will present a "
429
"warning to the user. Clients using <application>GnuTLS</application> without"
430
" <application>p11-kit</application> support are not aware of trusted "
431
"certificates. To include this CA into the <filename>ca-"
432
"bundle.crt</filename>, <filename>email-ca-bundle.crt</filename>, or "
433
"<filename>objsign-ca-bundle.crt</filename> files (the "
434
"<application>GnuTLS</application> legacy bundles), it must have the "
435
"appropriate trust arguments."
436
msgstr ""
7802 jlepiller 437
"Il y a trois types de confiances reconnues par le script <application>make-"
438
"ca</application>, SSL/TLS, S/Mime et signature de code. Pour "
439
"<application>OpenSSL</application>, il s'agit de "
440
"<parameter>serverAuth</parameter>, <parameter>emailProtection</parameter> et"
441
" <parameter>codeSigning</parameter> respectivement. Si un argument trust en "
442
"omis, le certificat n'est ni reconnu ni rejeté pour ce rôle. Les clients qui"
443
" utilisent <application>OpenSSL</application> ou "
7800 jlepiller 444
"<application>NSS</application> rencontrant ce certificat renverront un "
7802 jlepiller 445
"avertissement à l'utilisateur. Les clients qui utilisent "
7800 jlepiller 446
"<application>GnuTLS</application> sans le support de "
447
"<application>p11-kit</application> ne sont pas conscient des certificats de "
7802 jlepiller 448
"confiance. Pour inclure cette CA dans les fichiers <filename>ca-"
449
"bundle.crt</filename>, <filename>email-ca-bundle.crt</filename> ou "
450
"<filename>objsign-ca-bundle.crt</filename> (les anciens lots de "
451
"<application>GnuTLS</application>), il doit avoir l'argument de confiance "
452
"approprié."
7800 jlepiller 453
 
454
#. type: Content of: <sect1><sect2><bridgehead>
8052 jlepiller 455
#: blfs-en/postlfs/security/make-ca.xml:205
7800 jlepiller 456
msgid "Adding Additional CA Certificates"
7802 jlepiller 457
msgstr "Ajouter des certificats de CA supplémentaires"
7800 jlepiller 458
 
459
#. type: Content of: <sect1><sect2><para>
8052 jlepiller 460
#: blfs-en/postlfs/security/make-ca.xml:207
7800 jlepiller 461
msgid ""
462
"The <filename class=\"directory\">/etc/ssl/local</filename> directory is "
463
"available to add additional CA certificates to the system. For instance, you"
464
" might need to add an organization or government CA certificate.  Files in "
465
"this directory must be in the <application>OpenSSL</application> trusted "
466
"certificate format. To create an <application>OpenSSL</application> trusted "
467
"certificate from a regular PEM encoded file, you need to add trust arguments"
468
" to the <command>openssl</command> command, and create a new certificate. "
469
"For example, using the <ulink url=\"http://www.cacert.org/\">CAcert</ulink> "
470
"roots, if you want to trust both for all three roles, the following commands"
471
" will create appropriate OpenSSL trusted certificates (run as the "
472
"<systemitem class=\"username\">root</systemitem> user after <xref "
473
"linkend=\"wget\"/> is installed):"
474
msgstr ""
7802 jlepiller 475
"Le répertoire <filename class=\"directory\">/etc/ssl/local</filename> est "
476
"disponible pour ajouter des certificats de CA supplémentaires sur le "
477
"système. Par exemple, vous pourriez avoir besoin d'ajouter une CA d'une "
478
"organisation ou d'un gouvernement. Les fichiers de ce répertoire doivent "
479
"être au format de certification de confiance "
480
"d'<application>OpenSSL</application>. Pour créer un certificat de confiance "
481
"<application>OpenSSL</application> depuis un fichier normal encodé en PEM, "
482
"vous devrez ajouter des arguments «&nbsp;trust&nbsp;» à la commande "
483
"<command>openssl</command> et créer un nouveau certificat. Par exemple, si "
484
"vous souhaitez utiliser les racines <ulink "
7800 jlepiller 485
"url=\"http://www.cacert.org/\">CAcert</ulink> pour que les deux soient de "
486
"confiance pour ces trois rôles, les commandes suivantes créeront des "
487
"certificats de confiance OpenSSL approprié (à lancer en tant qu'utilisateur "
488
"<systemitem class=\"username\">root</systemitem> après l'installation de "
489
"<xref linkend=\"wget\"/>)&nbsp;:"
490
 
491
#. type: Content of: <sect1><sect2><screen>
8052 jlepiller 492
#: blfs-en/postlfs/security/make-ca.xml:221
7800 jlepiller 493
#, no-wrap
494
msgid ""
7881 jlepiller 495
"<userinput>wget http://www.cacert.org/certs/root.crt &amp;&amp;\n"
7800 jlepiller 496
"wget http://www.cacert.org/certs/class3.crt &amp;&amp;\n"
497
"openssl x509 -in root.crt -text -fingerprint -setalias \"CAcert Class 1 root\" \\\n"
498
"        -addtrust serverAuth -addtrust emailProtection -addtrust codeSigning \\\n"
499
"        > /etc/ssl/local/CAcert_Class_1_root.pem &amp;&amp;\n"
500
"openssl x509 -in class3.crt -text -fingerprint -setalias \"CAcert Class 3 root\" \\\n"
501
"        -addtrust serverAuth -addtrust emailProtection -addtrust codeSigning \\\n"
7881 jlepiller 502
"        > /etc/ssl/local/CAcert_Class_3_root.pem &amp;&amp;\n"
503
"/usr/sbin/make-ca -r -f</userinput>"
7800 jlepiller 504
msgstr ""
7881 jlepiller 505
"<userinput>wget http://www.cacert.org/certs/root.crt &amp;&amp;\n"
7800 jlepiller 506
"wget http://www.cacert.org/certs/class3.crt &amp;&amp;\n"
507
"openssl x509 -in root.crt -text -fingerprint -setalias \"CAcert Class 1 root\" \\\n"
508
"        -addtrust serverAuth -addtrust emailProtection -addtrust codeSigning \\\n"
509
"        > /etc/ssl/local/CAcert_Class_1_root.pem &amp;&amp;\n"
510
"openssl x509 -in class3.crt -text -fingerprint -setalias \"CAcert Class 3 root\" \\\n"
511
"        -addtrust serverAuth -addtrust emailProtection -addtrust codeSigning \\\n"
7881 jlepiller 512
"        > /etc/ssl/local/CAcert_Class_3_root.pem &amp;&amp;\n"
513
"/usr/sbin/make-ca -r -f</userinput>"
7800 jlepiller 514
 
515
#. type: Content of: <sect1><sect2><bridgehead>
8052 jlepiller 516
#: blfs-en/postlfs/security/make-ca.xml:231
7800 jlepiller 517
msgid "Overriding Mozilla Trust"
7802 jlepiller 518
msgstr "Remplacer la confiance de Mozilla"
7800 jlepiller 519
 
520
#. type: Content of: <sect1><sect2><para>
8052 jlepiller 521
#: blfs-en/postlfs/security/make-ca.xml:233
7800 jlepiller 522
msgid ""
523
"Occasionally, there may be instances where you don't agree with Mozilla's "
524
"inclusion of a particular certificate authority. If you'd like to override "
525
"the default trust of a particular CA, simply create a copy of the existing "
526
"certificate in <filename class=\"directory\">/etc/ssl/local</filename> with "
527
"different trust arguments. For example, if you'd like to distrust the "
528
"\"Makebelieve_CA_Root\" file, run the following commands:"
529
msgstr ""
7802 jlepiller 530
"Parfois, il peut arriver que vous ne soyez pas d'accord avec l'inclusion "
531
"d'une autorité de certification particulière. Si vous voulez remplacer la "
532
"confiance par défaut d'une CA particulière, créez simplement une copie du "
533
"certificat existant dans <filename "
534
"class=\"directory\">/etc/ssl/local</filename> avec des arguments de "
535
"confiances différents. Par exemple, si vous ne voulez pas faire confiance au"
536
" fichier «&nbsp;Makebelieve_CA_Root&nbsp;», lancez les commandes "
537
"suivantes&nbsp;:"
7800 jlepiller 538
 
539
#. type: Content of: <sect1><sect2><screen>
8052 jlepiller 540
#: blfs-en/postlfs/security/make-ca.xml:241
7800 jlepiller 541
#, no-wrap
542
msgid ""
7881 jlepiller 543
"<userinput>openssl x509 -in /etc/ssl/certs/Makebelieve_CA_Root.pem \\\n"
7800 jlepiller 544
"             -text \\\n"
7956 jlepiller 545
"             -fingerprint \\\n"
7800 jlepiller 546
"             -setalias \"Disabled Makebelieve CA Root\" \\\n"
547
"             -addreject serverAuth \\\n"
548
"             -addreject emailProtection \\\n"
549
"             -addreject codeSigning \\\n"
550
"       > /etc/ssl/local/Disabled_Makebelieve_CA_Root.pem &amp;&amp;\n"
551
"/usr/sbin/make-ca -r -f</userinput>"
552
msgstr ""
7881 jlepiller 553
"<userinput>openssl x509 -in /etc/ssl/certs/Makebelieve_CA_Root.pem \\\n"
7800 jlepiller 554
"             -text \\\n"
7956 jlepiller 555
"             -fingerprint \\\n"
7800 jlepiller 556
"             -setalias \"Disabled Makebelieve CA Root\" \\\n"
557
"             -addreject serverAuth \\\n"
558
"             -addreject emailProtection \\\n"
559
"             -addreject codeSigning \\\n"
560
"       > /etc/ssl/local/Disabled_Makebelieve_CA_Root.pem &amp;&amp;\n"
561
"/usr/sbin/make-ca -r -f</userinput>"
562
 
7687 jlepiller 563
#. type: Content of: <sect1><sect2><title>
8052 jlepiller 564
#: blfs-en/postlfs/security/make-ca.xml:254
7355 jlepiller 565
msgid "Contents"
566
msgstr "Contenu"
567
 
568
#. type: Content of: <sect1><sect2><segmentedlist><segtitle>
8052 jlepiller 569
#: blfs-en/postlfs/security/make-ca.xml:257
7355 jlepiller 570
msgid "Installed Programs"
571
msgstr "Programmes installés"
572
 
573
#. type: Content of: <sect1><sect2><segmentedlist><segtitle>
8052 jlepiller 574
#: blfs-en/postlfs/security/make-ca.xml:258
7355 jlepiller 575
msgid "Installed Directories"
576
msgstr "Répertoires installés"
577
 
578
#. type: Content of: <sect1><sect2><segmentedlist><seglistitem><seg>
8052 jlepiller 579
#: blfs-en/postlfs/security/make-ca.xml:262
7800 jlepiller 580
msgid "/etc/ssl/{certs,local} and /etc/pki/{nssdb,anchors,tls/{certs,java}}"
7802 jlepiller 581
msgstr "/etc/ssl/{certs,local} et /etc/pki/{nssdb,anchors,tls/{certs,java}}"
7355 jlepiller 582
 
583
#. type: Content of: <sect1><sect2><variablelist><bridgehead>
8052 jlepiller 584
#: blfs-en/postlfs/security/make-ca.xml:268
7355 jlepiller 585
msgid "Short Descriptions"
586
msgstr "Descriptions courtes"
587
 
588
#. type: Content of: <sect1><sect2><variablelist><varlistentry><term>
8052 jlepiller 589
#: blfs-en/postlfs/security/make-ca.xml:273
7355 jlepiller 590
msgid "<command>make-ca</command>"
591
msgstr "<command>make-ca</command>"
592
 
593
#. type: Content of:
594
#. <sect1><sect2><variablelist><varlistentry><listitem><para>
8052 jlepiller 595
#: blfs-en/postlfs/security/make-ca.xml:275
7355 jlepiller 596
msgid ""
597
"is a shell script that adapts a current version of "
598
"<filename>certdata.txt</filename>, and prepares it for use as the system "
7605 jlepiller 599
"trust store."
7355 jlepiller 600
msgstr ""
601
"est un script shell qui adapte une version actuelle de "
7605 jlepiller 602
"<filename>certdata.txt</filename> et le prépare pour l'utiliser comme banque"
603
" de confiance du système."
7355 jlepiller 604
 
8083 jlepiller 605
#~ msgid "28 KB"
606
#~ msgstr "28 Ko"
607
 
608
#~ msgid "995896ca8b4ee1f92a4a8fa46585d59d"
609
#~ msgstr "995896ca8b4ee1f92a4a8fa46585d59d"
610
 
7881 jlepiller 611
#~ msgid "5b68cf77b02d5681f8419b8acfd139c0"
612
#~ msgstr "5b68cf77b02d5681f8419b8acfd139c0"
613
 
7724 jlepiller 614
#~ msgid "417a8ebfb3d6ac4821c1e508a0a3981f"
615
#~ msgstr "417a8ebfb3d6ac4821c1e508a0a3981f"
616
 
7723 jlepiller 617
#~ msgid "b038d38233f970aad60c29dfc0502021"
618
#~ msgstr "b038d38233f970aad60c29dfc0502021"
619
 
7687 jlepiller 620
#~ msgid "36 KB"
621
#~ msgstr "36 Ko"
7660 jlepiller 622
 
7687 jlepiller 623
#~ msgid "0eeaf712eedeae4fa55d8bfa37f4ca32"
624
#~ msgstr "0eeaf712eedeae4fa55d8bfa37f4ca32"
625
 
626
#~ msgid ""
627
#~ "Mozilla Release (the version provided by BLFS): <ulink "
628
#~ "url=\"&certhost;releases/mozilla-release/raw-"
629
#~ "file/default/security/nss&certpath;\"/>"
630
#~ msgstr ""
631
#~ "Mozilla Release (la version fournie par BLFS)&nbsp;: <ulink "
632
#~ "url=\"&certhost;releases/mozilla-release/raw-"
633
#~ "file/default/security/nss&certpath;\"/>"
634
 
635
#~ msgid ""
636
#~ "NSS (this is the latest available version): <ulink "
637
#~ "url=\"&certhost;projects/nss/raw-file/tip&certpath;\"/>"
638
#~ msgstr ""
639
#~ "NSS (c'est la dernière version disponible)&nbsp;: <ulink "
640
#~ "url=\"&certhost;projects/nss/raw-file/tip&certpath;\"/>"
641
 
642
#~ msgid ""
643
#~ "Mozilla Central: <ulink url=\"&certhost;mozilla-central/raw-"
644
#~ "file/default/security/nss&certpath;\"/>"
645
#~ msgstr ""
646
#~ "Mozilla Central&nbsp;: <ulink url=\"&certhost;mozilla-central/raw-"
647
#~ "file/default/security/nss&certpath;\"/>"
648
 
649
#~ msgid ""
650
#~ "Mozilla Beta: <ulink url=\"&certhost;releases/mozilla-beta/raw-"
651
#~ "file/default/security/nss&certpath;\"/>"
652
#~ msgstr ""
653
#~ "Mozilla Beta&nbsp;: <ulink url=\"&certhost;releases/mozilla-beta/raw-"
654
#~ "file/default/security/nss&certpath;\"/>"
655
 
656
#~ msgid ""
657
#~ "Mozilla Aurora: <ulink url=\"&certhost;releases/mozilla-aurora/raw-"
658
#~ "file/default/security/nss&certpath;\"/>"
659
#~ msgstr ""
660
#~ "Mozilla Aurora&nbsp;: <ulink url=\"&certhost;releases/mozilla-aurora/raw-"
661
#~ "file/default/security/nss&certpath;\"/>"
662
 
663
#~ msgid "Installed Libraries"
664
#~ msgstr "Bibliothèques installées"
665
 
666
#~ msgid "None"
667
#~ msgstr "Aucune"
668
 
7630 jlepiller 669
#~ msgid "Recommended"
670
#~ msgstr "Recommandées"
671
 
7605 jlepiller 672
#~ msgid "1f0176c4fa89274971b2826a97f303f7"
673
#~ msgstr "1f0176c4fa89274971b2826a97f303f7"
674
 
7465 jlepiller 675
#~ msgid "4f180b9bf3b11f29d6a79e6022aeae23"
676
#~ msgstr "4f180b9bf3b11f29d6a79e6022aeae23"
7409 jlepiller 677
 
7465 jlepiller 678
#~ msgid ""
679
#~ "<userinput>sed -e 's%= /etc/ssl;%= \"/etc/ssl\";%' \\\n"
680
#~ "    -e 's%= /usr;%= \"/usr\";%'         \\\n"
681
#~ "    -i /usr/bin/c_rehash              &amp;&amp;\n"
682
#~ "/usr/sbin/make-ca -g</userinput>"
683
#~ msgstr ""
684
#~ "<userinput>sed -e 's%= /etc/ssl;%= \"/etc/ssl\";%' \\\n"
685
#~ "    -e 's%= /usr;%= \"/usr\";%'         \\\n"
686
#~ "    -i /usr/bin/c_rehash              &amp;&amp;\n"
687
#~ "/usr/sbin/make-ca -g</userinput>"
688
 
689
#~ msgid ""
690
#~ "The <command>sed</command> command works around missing quotes in "
691
#~ "<command>c_rehash</command> from openssl-1.1.0h and can be safely rerun (the"
692
#~ " \" inserted the first time will prevent matches on subsequent runs)."
693
#~ msgstr ""
694
#~ "La commande <command>sed</command> contourne le manque de guillemets dans "
695
#~ "<command>c_rehash</command> d'openssl-1.1.0h et peut être relancé sans "
696
#~ "problème (le \" inséré la première fois évitera une correspondance sur les "
697
#~ "lancements suivants)."
698
 
7355 jlepiller 699
#~ msgid "Certificate Authority Certificates"
700
#~ msgstr "Certificats d'autorité de certification"
701
 
702
#~ msgid "Certificate Authority Certificates Dependencies"
703
#~ msgstr "Dépendances de Certificate Authority Certificates"
704
 
705
#~ msgid "Installation of Certificate Authority Certificates"
706
#~ msgstr "Installation de Certificate Authority Certificates"
707
 
708
#~ msgid "851f9e267f343c54db8caa87ec5b3d75"
709
#~ msgstr "851f9e267f343c54db8caa87ec5b3d75"
710
 
711
#~ msgid "<xref linkend=\"openssl\"/>"
712
#~ msgstr "<xref linkend=\"openssl\"/>"
713
 
714
#~ msgid "25033ded9dd0979226b8f3fd2792bd3a"
715
#~ msgstr "25033ded9dd0979226b8f3fd2792bd3a"
716
 
717
#~ msgid "&sources-anduin-http;/other/certdata.txt"
718
#~ msgstr "&sources-anduin-http;/other/certdata.txt"
719
 
720
#~ msgid "1.6 MB"
721
#~ msgstr "1.6 Mo"
722
 
723
#~ msgid "24 KB"
724
#~ msgstr "24 Ko"
725
 
726
#~ msgid "a21a04d6ff5c4645c748220dbaa9f221"
727
#~ msgstr "a21a04d6ff5c4645c748220dbaa9f221"
728
 
729
#~ msgid "Additional Downloads"
730
#~ msgstr "Téléchargements supplémentaires"
731
 
732
#~ msgid "CA Certificates <ulink url=\"&ca-bundle-download;\"/>"
733
#~ msgstr "Certificats de CA <ulink url=\"&ca-bundle-download;\"/>"
734
 
735
#~ msgid ""
736
#~ "<userinput>install -vm755 make-ca.sh-&make-ca-version; /usr/sbin/make-"
737
#~ "ca.sh</userinput>"
738
#~ msgstr ""
739
#~ "<userinput>install -vm755 make-ca.sh-&make-ca-version; /usr/sbin/make-"
740
#~ "ca.sh</userinput>"
741
 
742
#~ msgid ""
743
#~ "You should periodically download a copy of <filename>certdata.txt</filename>"
744
#~ " and run the <application>make-ca.sh</application> script (as the "
745
#~ "<systemitem class=\"username\">root</systemitem> user), or as part of a "
746
#~ "monthly <application>cron</application> job to ensure that you have the "
747
#~ "latest available version of the certificates."
748
#~ msgstr ""
749
#~ "Vous devriez télécharger régulièrement une copie de "
750
#~ "<filename>certdata.txt</filename> et lancer le script <application>make-"
751
#~ "ca.sh</application> (en tant qu'utilisateur <systemitem "
752
#~ "class=\"username\">root</systemitem>), ou en tant que tâche "
753
#~ "<application>cron</application> mensuelle pour vous assurer d'avoir la "
754
#~ "dernière version disponible des certificats."
755
 
756
#~ msgid "make-ca.sh"
757
#~ msgstr "make-ca.sh"
758
 
759
#~ msgid "b42fd97c173ef67a37fb05ed7587e0a8"
760
#~ msgstr "b42fd97c173ef67a37fb05ed7587e0a8"
761
 
762
#~ msgid "11 KB"
763
#~ msgstr "11 Ko"
764
 
765
#~ msgid "cce9fa4713c4611d9e61f99de612a1e9"
766
#~ msgstr "cce9fa4713c4611d9e61f99de612a1e9"
767
 
768
#~ msgid "5e41c17a3dd6b8195c55092e87e92ef0"
769
#~ msgstr "5e41c17a3dd6b8195c55092e87e92ef0"
770
 
771
#~ msgid "fca9ae62242800a9dcaee5d400ee5c41"
772
#~ msgstr "fca9ae62242800a9dcaee5d400ee5c41"
773
 
774
#~ msgid "9e416981cd153d8923e06dc8e39ac534"
775
#~ msgstr "9e416981cd153d8923e06dc8e39ac534"
776
 
777
#~ msgid "65c6cbbb11e6d124b047f4aa0dcb2808"
778
#~ msgstr "65c6cbbb11e6d124b047f4aa0dcb2808"
779
 
780
#~ msgid "fbc5687ce7fd5533edbb4e616a1080de"
781
#~ msgstr "fbc5687ce7fd5533edbb4e616a1080de"
782
 
783
#~ msgid "487ca7ce6f7b81b3e46362138f93310c"
784
#~ msgstr "487ca7ce6f7b81b3e46362138f93310c"
785
 
786
#~ msgid "1.4 MB"
787
#~ msgstr "1.4 Mo"
788
 
789
#~ msgid "0.1 SBU"
790
#~ msgstr "0.1 SBU"
791
 
792
#~ msgid ""
793
#~ "The Public Key Infrastructure is used for many security features in a Linux "
794
#~ "system.  In order for a certificate to be trusted, it must be signed by a "
795
#~ "trusted agent called a Certificate Authority (CA). The certificates "
796
#~ "installed in this section are obtained from the Mozilla version control "
797
#~ "system, and reformatted for use by <xref linkend='openssl'/> and <xref "
798
#~ "linkend='gnutls'/>. The certificates can also be used by other applications,"
799
#~ " either directly or indirectly by linking to one of these packages."
800
#~ msgstr ""
801
#~ "La <foreignphrase>Public Key Infrastructure</foreignphrase> (infrastructure "
802
#~ "de clés publiques) est utilisée dans de nombreux cas de sécurité sur un "
803
#~ "système Linux. Pour qu'un certificat soit fiable, il doit être signé par un "
804
#~ "agent de confiance, qu'on appelle l'autorité de certification "
805
#~ "(<foreignphrase>Certificate Authority</foreignphrase>) (CA).  Les "
806
#~ "certificats chargés dans cette section sont issus de la liste du système de "
807
#~ "contrôle de Mozilla et elle est formatée dans une forme utilisée par <xref "
808
#~ "linkend=\"openssl\"/> et <xref linkend='gnutls'/>.  Les certificats peuvent "
809
#~ "également être utilisés par d'autres applications, directement ou "
810
#~ "indirectement via <application>openssl</application>."
811
 
812
#~ msgid ""
813
#~ "The <application>make-ca.sh</application> script will download a set of "
814
#~ "certificates from one of five projects (aurora, beta, central, nss, or "
815
#~ "release) in the Mozialla version control system. It defaults to the release "
816
#~ "branch, which is identical to the version that ships with the Mozilla "
817
#~ "products in this book. If you'd like to change the branch that is retrieved,"
818
#~ " edit the file and set <envar>CERTSOURCE</envar> to one of the five values "
819
#~ "above."
820
#~ msgstr ""
821
#~ "Le script <application>make-ca.sh</application> téléchargement un ensemble "
822
#~ "de certificats depuis l'un des cinq projets (aurora, beta, central, nss ou "
823
#~ "release) du système de contrôle de version de Mozilla. Il est réglé par "
824
#~ "défaut sur la branche release, qui est identique à la version qui vient avec"
825
#~ " les produits Mozilla de ce livre. Si vous préférez changer la branche qui "
826
#~ "est récupérée, modifiez le fichier et mettez <envar>CERTSOURCE</envar> à "
827
#~ "l'une des cinq valeurs ci-dessus."
828
 
829
#~ msgid ""
830
#~ "Additionally, any local certificates stored in "
831
#~ "<filename>/etc/ssl/local</filename> will be copied into both the single-file"
832
#~ " <filename>/etc/ssl/ca-bundle.crt</filename> (used by programs that link to "
833
#~ "<application>gnutls</application>), and into the certificate store directory"
834
#~ " <filename>/etc/ssl/certs</filename> (used by programs that link to "
835
#~ "<application>OpenSSL</application>). All certificates will pass a date and "
836
#~ "trust validation, and any existing certificates in <filename>/etc/ssl/ca-"
837
#~ "bundle.crt</filename> or <filename>/etc/ssl/certs</filename> will be removed"
838
#~ " upon successful completion of this script."
839
#~ msgstr ""
840
#~ "De plus, tout certificat local stocké dans "
841
#~ "<filename>/etc/ssl/local</filename> sera copié dans le fichier "
842
#~ "<filename>/etc/ssl/ca-bundle.crt</filename> (utilisé par les programmes qui "
843
#~ "se lient à <application>gnutls</application>) et dans le répertoire du "
844
#~ "magasin de certificats <filename>/etc/ssl/certs</filename> (utilisé par les "
845
#~ "programmes qui se lient à <application>OpenSSL</application>). Tous les "
846
#~ "certificats passeront un test de validation de leur date et de leur "
847
#~ "confiance, et tout certificat existant dans <filename>/etc/ssl/ca-"
848
#~ "bundle.crt</filename> ou <filename>/etc/ssl-certs</filename> sera supprimé à"
849
#~ " la fin de ce script si tout va bien."
850
 
851
#~ msgid ""
852
#~ "Finally, if you've installed <xref linkend=\"java\"/> or <xref "
853
#~ "linkend=\"openjdk\"/>, then it will also update the java cacerts file at "
854
#~ "<filename>/etc/ssl/java/cacerts</filename>."
855
#~ msgstr ""
856
#~ "Enfin, si vous avez installé <xref linkend=\"java\"/> ou <xref "
857
#~ "linkend=\"openjdk\"/>, il mettra aussi à jour le fichier cacerts de java "
858
#~ "dans <filename>/etc/ssl/java/cacerts</filename>."
859
 
860
#~ msgid ""
861
#~ "<userinput>install -vdm755 /etc/ssl/{certs,java,local} &amp;&amp;\n"
862
#~ "/usr/sbin/make-ca.sh\n"
863
#~ "</userinput>"
864
#~ msgstr ""
865
#~ "<userinput>install -vdm755 /etc/ssl/{certs,java,local} &amp;&amp;\n"
866
#~ "/usr/sbin/make-ca.sh\n"
867
#~ "</userinput>"
868
 
869
#~ msgid "/mozilla/source/security/nss/lib/ckfw/builtins"
870
#~ msgstr "/mozilla/source/security/nss/lib/ckfw/builtins"
871
 
872
#~ msgid "6 MB"
873
#~ msgstr "6 Mo"
874
 
875
#~ msgid ""
876
#~ "The certfile.txt file above is actually retrieved from <ulink "
877
#~ "url=\"https://hg.mozilla.org/releases/mozilla-"
878
#~ "release/file/default/security/nss/lib/ckfw/builtins/certdata.txt\"/>.  It is"
879
#~ " really an HTML file, but the text file can be retrieved indirectly from the"
880
#~ " HTML file.  The Download URL above automates that process and also adds a "
881
#~ "line where the date can be extracted as a revision number by the scripts "
882
#~ "below."
883
#~ msgstr ""
884
#~ "Le fichier certfile.txt dessous est en fait récupéré depuis <ulink "
885
#~ "url=\"https://hg.mozilla.org/releases/mozilla-"
886
#~ "release/file/default/security/nss/lib/ckfw/builtins/certdata.txt\"/>.  C'est"
887
#~ " en fait un fichier HTML, mais le fichier texte peut être pris indirectement"
888
#~ " depuis le fichier HTML. L'URL dessous automatise ce processus et ajoute "
889
#~ "aussi une ligne où la date peut être extraite en tant que numéro de révision"
890
#~ " par le script."
891
 
892
#~ msgid ""
893
#~ "<userinput>cat > /usr/bin/make-cert.pl &lt;&lt; \"EOF\"\n"
894
#~ "<literal>#!/usr/bin/perl -w\n"
895
#~ "\n"
896
#~ "# Used to generate PEM encoded files from Mozilla certdata.txt.\n"
897
#~ "# Run as ./make-cert.pl > certificate.crt\n"
898
#~ "#\n"
899
#~ "# Parts of this script courtesy of RedHat (mkcabundle.pl)\n"
900
#~ "#\n"
901
#~ "# This script modified for use with single file data (tempfile.cer) extracted\n"
902
#~ "# from certdata.txt, taken from the latest version in the Mozilla NSS source.\n"
903
#~ "# mozilla/security/nss/lib/ckfw/builtins/certdata.txt\n"
904
#~ "#\n"
905
#~ "# Authors: DJ Lucas\n"
906
#~ "#          Bruce Dubbs\n"
907
#~ "#\n"
908
#~ "# Version 20120211\n"
909
#~ "\n"
910
#~ "my $certdata = './tempfile.cer';\n"
911
#~ "\n"
912
#~ "open( IN, \"cat $certdata|\" )\n"
913
#~ "    || die \"could not open $certdata\";\n"
914
#~ "\n"
915
#~ "my $incert = 0;\n"
916
#~ "\n"
917
#~ "while ( &lt;IN&gt; )\n"
918
#~ "{\n"
919
#~ "    if ( /^CKA_VALUE MULTILINE_OCTAL/ )\n"
920
#~ "    {\n"
921
#~ "        $incert = 1;\n"
922
#~ "        open( OUT, \"|openssl x509 -text -inform DER -fingerprint\" )\n"
923
#~ "            || die \"could not pipe to openssl x509\";\n"
924
#~ "    }\n"
925
#~ "\n"
926
#~ "    elsif ( /^END/ &amp;&amp; $incert )\n"
927
#~ "    {\n"
928
#~ "        close( OUT );\n"
929
#~ "        $incert = 0;\n"
930
#~ "        print \"\\n\\n\";\n"
931
#~ "    }\n"
932
#~ "\n"
933
#~ "    elsif ($incert)\n"
934
#~ "    {\n"
935
#~ "        my @bs = split( /\\\\/ );\n"
936
#~ "        foreach my $b (@bs)\n"
937
#~ "        {\n"
938
#~ "            chomp $b;\n"
939
#~ "            printf( OUT \"%c\", oct($b) ) unless $b eq '';\n"
940
#~ "        }\n"
941
#~ "    }\n"
942
#~ "}</literal>\n"
943
#~ "EOF\n"
944
#~ "\n"
945
#~ "chmod +x /usr/bin/make-cert.pl</userinput>"
946
#~ msgstr ""
947
#~ "<userinput>cat > /usr/bin/make-cert.pl &lt;&lt; \"EOF\"\n"
948
#~ "<literal>#!/usr/bin/perl -w\n"
949
#~ "\n"
950
#~ "# Used to generate PEM encoded files from Mozilla certdata.txt.\n"
951
#~ "# Run as ./make-cert.pl > certificate.crt\n"
952
#~ "#\n"
953
#~ "# Parts of this script courtesy of RedHat (mkcabundle.pl)\n"
954
#~ "#\n"
955
#~ "# This script modified for use with single file data (tempfile.cer) extracted\n"
956
#~ "# from certdata.txt, taken from the latest version in the Mozilla NSS source.\n"
957
#~ "# mozilla/security/nss/lib/ckfw/builtins/certdata.txt\n"
958
#~ "#\n"
959
#~ "# Authors: DJ Lucas\n"
960
#~ "#          Bruce Dubbs\n"
961
#~ "#\n"
962
#~ "# Version 20120211\n"
963
#~ "\n"
964
#~ "my $certdata = './tempfile.cer';\n"
965
#~ "\n"
966
#~ "open( IN, \"cat $certdata|\" )\n"
967
#~ "    || die \"could not open $certdata\";\n"
968
#~ "\n"
969
#~ "my $incert = 0;\n"
970
#~ "\n"
971
#~ "while ( &lt;IN&gt; )\n"
972
#~ "{\n"
973
#~ "    if ( /^CKA_VALUE MULTILINE_OCTAL/ )\n"
974
#~ "    {\n"
975
#~ "        $incert = 1;\n"
976
#~ "        open( OUT, \"|openssl x509 -text -inform DER -fingerprint\" )\n"
977
#~ "            || die \"could not pipe to openssl x509\";\n"
978
#~ "    }\n"
979
#~ "\n"
980
#~ "    elsif ( /^END/ &amp;&amp; $incert )\n"
981
#~ "    {\n"
982
#~ "        close( OUT );\n"
983
#~ "        $incert = 0;\n"
984
#~ "        print \"\\n\\n\";\n"
985
#~ "    }\n"
986
#~ "\n"
987
#~ "    elsif ($incert)\n"
988
#~ "    {\n"
989
#~ "        my @bs = split( /\\\\/ );\n"
990
#~ "        foreach my $b (@bs)\n"
991
#~ "        {\n"
992
#~ "            chomp $b;\n"
993
#~ "            printf( OUT \"%c\", oct($b) ) unless $b eq '';\n"
994
#~ "        }\n"
995
#~ "    }\n"
996
#~ "}</literal>\n"
997
#~ "EOF\n"
998
#~ "\n"
999
#~ "chmod +x /usr/bin/make-cert.pl</userinput>"
1000
 
1001
#~ msgid ""
1002
#~ "The following script creates the certificates and a bundle of all the "
1003
#~ "certificates.  It creates a <filename class='directory'>./certs</filename> "
1004
#~ "directory and <filename>./BLFS-ca-bundle-${VERSION}.crt</filename>.  Again "
1005
#~ "create this script as the <systemitem class=\"username\">root</systemitem> "
1006
#~ "user:"
1007
#~ msgstr ""
1008
#~ "Le script suivant crée les certificats et un bouquet de tous les "
1009
#~ "certificats. Il crée un répertoire <filename "
1010
#~ "class='directory'>./certs</filename> et <filename>./BLFS-ca-"
1011
#~ "bundle-${VERSION}.crt</filename>.  Créez de nouveau ce script en tant "
1012
#~ "qu'utilisateur <systemitem class=\"username\">root</systemitem>&nbsp;:"
1013
 
1014
#~ msgid ""
1015
#~ "<userinput>cat > /usr/bin/make-ca.sh &lt;&lt; \"EOF\"\n"
1016
#~ "<literal>#!/bin/sh\n"
1017
#~ "# Begin make-ca.sh\n"
1018
#~ "# Script to populate OpenSSL's CApath from a bundle of PEM formatted CAs\n"
1019
#~ "#\n"
1020
#~ "# The file certdata.txt must exist in the local directory\n"
1021
#~ "# Version number is obtained from the version of the data.\n"
1022
#~ "#\n"
1023
#~ "# Authors: DJ Lucas\n"
1024
#~ "#          Bruce Dubbs\n"
1025
#~ "#\n"
1026
#~ "# Version 20120211\n"
1027
#~ "\n"
1028
#~ "# Some data in the certs have UTF-8 characters\n"
1029
#~ "export LANG=en_US.utf8\n"
1030
#~ "\n"
1031
#~ "certdata=\"certdata.txt\"\n"
1032
#~ "\n"
1033
#~ "if [ ! -r $certdata ]; then\n"
1034
#~ "  echo \"$certdata must be in the local directory\"\n"
1035
#~ "  exit 1\n"
1036
#~ "fi\n"
1037
#~ "\n"
1038
#~ "REVISION=$(grep CVS_ID $certdata | cut -f4 -d'$')\n"
1039
#~ "\n"
1040
#~ "if [ -z \"${REVISION}\" ]; then\n"
1041
#~ "  echo \"$certfile has no 'Revision' in CVS_ID\"\n"
1042
#~ "  exit 1\n"
1043
#~ "fi\n"
1044
#~ "\n"
1045
#~ "VERSION=$(echo $REVISION | cut -f2 -d\" \")\n"
1046
#~ "\n"
1047
#~ "TEMPDIR=$(mktemp -d)\n"
1048
#~ "TRUSTATTRIBUTES=\"CKA_TRUST_SERVER_AUTH\"\n"
1049
#~ "BUNDLE=\"BLFS-ca-bundle-${VERSION}.crt\"\n"
1050
#~ "CONVERTSCRIPT=\"/usr/bin/make-cert.pl\"\n"
1051
#~ "SSLDIR=\"/etc/ssl\"\n"
1052
#~ "\n"
1053
#~ "mkdir \"${TEMPDIR}/certs\"\n"
1054
#~ "\n"
1055
#~ "# Get a list of starting lines for each cert\n"
1056
#~ "CERTBEGINLIST=$(grep -n \"^# Certificate\" \"${certdata}\" | cut -d \":\" -f1)\n"
1057
#~ "\n"
1058
#~ "# Get a list of ending lines for each cert\n"
1059
#~ "CERTENDLIST=`grep -n \"^CKA_TRUST_STEP_UP_APPROVED\" \"${certdata}\" | cut -d \":\" -f 1`\n"
1060
#~ "\n"
1061
#~ "# Start a loop\n"
1062
#~ "for certbegin in ${CERTBEGINLIST}; do\n"
1063
#~ "  for certend in ${CERTENDLIST}; do\n"
1064
#~ "    if test \"${certend}\" -gt \"${certbegin}\"; then\n"
1065
#~ "      break\n"
1066
#~ "    fi\n"
1067
#~ "  done\n"
1068
#~ "\n"
1069
#~ "  # Dump to a temp file with the name of the file as the beginning line number\n"
1070
#~ "  sed -n \"${certbegin},${certend}p\" \"${certdata}\" > \"${TEMPDIR}/certs/${certbegin}.tmp\"\n"
1071
#~ "done\n"
1072
#~ "\n"
1073
#~ "unset CERTBEGINLIST CERTDATA CERTENDLIST certbegin certend\n"
1074
#~ "\n"
1075
#~ "mkdir -p certs\n"
1076
#~ "rm -f certs/*      # Make sure the directory is clean\n"
1077
#~ "\n"
1078
#~ "for tempfile in ${TEMPDIR}/certs/*.tmp; do\n"
1079
#~ "  # Make sure that the cert is trusted...\n"
1080
#~ "  grep \"CKA_TRUST_SERVER_AUTH\" \"${tempfile}\" | \\\n"
1081
#~ "    egrep \"TRUST_UNKNOWN|NOT_TRUSTED\" > /dev/null\n"
1082
#~ "\n"
1083
#~ "  if test \"${?}\" = \"0\"; then\n"
1084
#~ "    # Throw a meaningful error and remove the file\n"
1085
#~ "    cp \"${tempfile}\" tempfile.cer\n"
1086
#~ "    perl ${CONVERTSCRIPT} > tempfile.crt\n"
1087
#~ "    keyhash=$(openssl x509 -noout -in tempfile.crt -hash)\n"
1088
#~ "    echo \"Certificate ${keyhash} is not trusted!  Removing...\"\n"
1089
#~ "    rm -f tempfile.cer tempfile.crt \"${tempfile}\"\n"
1090
#~ "    continue\n"
1091
#~ "  fi\n"
1092
#~ "\n"
1093
#~ "  # If execution made it to here in the loop, the temp cert is trusted\n"
1094
#~ "  # Find the cert data and generate a cert file for it\n"
1095
#~ "\n"
1096
#~ "  cp \"${tempfile}\" tempfile.cer\n"
1097
#~ "  perl ${CONVERTSCRIPT} > tempfile.crt\n"
1098
#~ "  keyhash=$(openssl x509 -noout -in tempfile.crt -hash)\n"
1099
#~ "  mv tempfile.crt \"certs/${keyhash}.pem\"\n"
1100
#~ "  rm -f tempfile.cer \"${tempfile}\"\n"
1101
#~ "  echo \"Created ${keyhash}.pem\"\n"
1102
#~ "done\n"
1103
#~ "\n"
1104
#~ "# Remove blacklisted files\n"
1105
#~ "# MD5 Collision Proof of Concept CA\n"
1106
#~ "if test -f certs/8f111d69.pem; then\n"
1107
#~ "  echo \"Certificate 8f111d69 is not trusted!  Removing...\"\n"
1108
#~ "  rm -f certs/8f111d69.pem\n"
1109
#~ "fi\n"
1110
#~ "\n"
1111
#~ "# Finally, generate the bundle and clean up.\n"
1112
#~ "cat certs/*.pem >  ${BUNDLE}\n"
1113
#~ "rm -r \"${TEMPDIR}\"</literal>\n"
1114
#~ "EOF\n"
1115
#~ "\n"
1116
#~ "chmod +x /usr/bin/make-ca.sh</userinput>"
1117
#~ msgstr ""
1118
#~ "<userinput>cat > /usr/bin/make-ca.sh &lt;&lt; \"EOF\"\n"
1119
#~ "<literal>#!/bin/sh\n"
1120
#~ "# Begin make-ca.sh\n"
1121
#~ "# Script to populate OpenSSL's CApath from a bundle of PEM formatted CAs\n"
1122
#~ "#\n"
1123
#~ "# The file certdata.txt must exist in the local directory\n"
1124
#~ "# Version number is obtained from the version of the data.\n"
1125
#~ "#\n"
1126
#~ "# Authors: DJ Lucas\n"
1127
#~ "#          Bruce Dubbs\n"
1128
#~ "#\n"
1129
#~ "# Version 20120211\n"
1130
#~ "\n"
1131
#~ "# Some data in the certs have UTF-8 characters\n"
1132
#~ "export LANG=en_US.utf8\n"
1133
#~ "\n"
1134
#~ "certdata=\"certdata.txt\"\n"
1135
#~ "\n"
1136
#~ "if [ ! -r $certdata ]; then\n"
1137
#~ "  echo \"$certdata must be in the local directory\"\n"
1138
#~ "  exit 1\n"
1139
#~ "fi\n"
1140
#~ "\n"
1141
#~ "REVISION=$(grep CVS_ID $certdata | cut -f4 -d'$')\n"
1142
#~ "\n"
1143
#~ "if [ -z \"${REVISION}\" ]; then\n"
1144
#~ "  echo \"$certfile has no 'Revision' in CVS_ID\"\n"
1145
#~ "  exit 1\n"
1146
#~ "fi\n"
1147
#~ "\n"
1148
#~ "VERSION=$(echo $REVISION | cut -f2 -d\" \")\n"
1149
#~ "\n"
1150
#~ "TEMPDIR=$(mktemp -d)\n"
1151
#~ "TRUSTATTRIBUTES=\"CKA_TRUST_SERVER_AUTH\"\n"
1152
#~ "BUNDLE=\"BLFS-ca-bundle-${VERSION}.crt\"\n"
1153
#~ "CONVERTSCRIPT=\"/usr/bin/make-cert.pl\"\n"
1154
#~ "SSLDIR=\"/etc/ssl\"\n"
1155
#~ "\n"
1156
#~ "mkdir \"${TEMPDIR}/certs\"\n"
1157
#~ "\n"
1158
#~ "# Get a list of starting lines for each cert\n"
1159
#~ "CERTBEGINLIST=$(grep -n \"^# Certificate\" \"${certdata}\" | cut -d \":\" -f1)\n"
1160
#~ "\n"
1161
#~ "# Get a list of ending lines for each cert\n"
1162
#~ "CERTENDLIST=`grep -n \"^CKA_TRUST_STEP_UP_APPROVED\" \"${certdata}\" | cut -d \":\" -f 1`\n"
1163
#~ "\n"
1164
#~ "# Start a loop\n"
1165
#~ "for certbegin in ${CERTBEGINLIST}; do\n"
1166
#~ "  for certend in ${CERTENDLIST}; do\n"
1167
#~ "    if test \"${certend}\" -gt \"${certbegin}\"; then\n"
1168
#~ "      break\n"
1169
#~ "    fi\n"
1170
#~ "  done\n"
1171
#~ "\n"
1172
#~ "  # Dump to a temp file with the name of the file as the beginning line number\n"
1173
#~ "  sed -n \"${certbegin},${certend}p\" \"${certdata}\" > \"${TEMPDIR}/certs/${certbegin}.tmp\"\n"
1174
#~ "done\n"
1175
#~ "\n"
1176
#~ "unset CERTBEGINLIST CERTDATA CERTENDLIST certbegin certend\n"
1177
#~ "\n"
1178
#~ "mkdir -p certs\n"
1179
#~ "rm -f certs/*      # Make sure the directory is clean\n"
1180
#~ "\n"
1181
#~ "for tempfile in ${TEMPDIR}/certs/*.tmp; do\n"
1182
#~ "  # Make sure that the cert is trusted...\n"
1183
#~ "  grep \"CKA_TRUST_SERVER_AUTH\" \"${tempfile}\" | \\\n"
1184
#~ "    egrep \"TRUST_UNKNOWN|NOT_TRUSTED\" > /dev/null\n"
1185
#~ "\n"
1186
#~ "  if test \"${?}\" = \"0\"; then\n"
1187
#~ "    # Throw a meaningful error and remove the file\n"
1188
#~ "    cp \"${tempfile}\" tempfile.cer\n"
1189
#~ "    perl ${CONVERTSCRIPT} > tempfile.crt\n"
1190
#~ "    keyhash=$(openssl x509 -noout -in tempfile.crt -hash)\n"
1191
#~ "    echo \"Certificate ${keyhash} is not trusted!  Removing...\"\n"
1192
#~ "    rm -f tempfile.cer tempfile.crt \"${tempfile}\"\n"
1193
#~ "    continue\n"
1194
#~ "  fi\n"
1195
#~ "\n"
1196
#~ "  # If execution made it to here in the loop, the temp cert is trusted\n"
1197
#~ "  # Find the cert data and generate a cert file for it\n"
1198
#~ "\n"
1199
#~ "  cp \"${tempfile}\" tempfile.cer\n"
1200
#~ "  perl ${CONVERTSCRIPT} > tempfile.crt\n"
1201
#~ "  keyhash=$(openssl x509 -noout -in tempfile.crt -hash)\n"
1202
#~ "  mv tempfile.crt \"certs/${keyhash}.pem\"\n"
1203
#~ "  rm -f tempfile.cer \"${tempfile}\"\n"
1204
#~ "  echo \"Created ${keyhash}.pem\"\n"
1205
#~ "done\n"
1206
#~ "\n"
1207
#~ "# Remove blacklisted files\n"
1208
#~ "# MD5 Collision Proof of Concept CA\n"
1209
#~ "if test -f certs/8f111d69.pem; then\n"
1210
#~ "  echo \"Certificate 8f111d69 is not trusted!  Removing...\"\n"
1211
#~ "  rm -f certs/8f111d69.pem\n"
1212
#~ "fi\n"
1213
#~ "\n"
1214
#~ "# Finally, generate the bundle and clean up.\n"
1215
#~ "cat certs/*.pem >  ${BUNDLE}\n"
1216
#~ "rm -r \"${TEMPDIR}\"</literal>\n"
1217
#~ "EOF\n"
1218
#~ "\n"
1219
#~ "chmod +x /usr/bin/make-ca.sh</userinput>"
1220
 
1221
#~ msgid ""
1222
#~ "Add a short script to remove expired certificates from a directory.  Again "
1223
#~ "create this script as the <systemitem class=\"username\">root</systemitem> "
1224
#~ "user:"
1225
#~ msgstr ""
1226
#~ "Ajoutez un script bref pour supprimer les certificats expirés d'un "
1227
#~ "répertoire. Créez de nouveau ce script en tant qu'utilisateur <systemitem "
1228
#~ "class=\"username\">root</systemitem>&nbsp;:"
1229
 
1230
#~ msgid ""
1231
#~ "<userinput>cat > /usr/sbin/remove-expired-certs.sh &lt;&lt; \"EOF\"\n"
1232
#~ "<literal>#!/bin/sh\n"
1233
#~ "# Begin /usr/sbin/remove-expired-certs.sh\n"
1234
#~ "#\n"
1235
#~ "# Version 20120211\n"
1236
#~ "\n"
1237
#~ "# Make sure the date is parsed correctly on all systems\n"
1238
#~ "mydate()\n"
1239
#~ "{\n"
1240
#~ "  local y=$( echo $1 | cut -d\" \" -f4 )\n"
1241
#~ "  local M=$( echo $1 | cut -d\" \" -f1 )\n"
1242
#~ "  local d=$( echo $1 | cut -d\" \" -f2 )\n"
1243
#~ "  local m\n"
1244
#~ "\n"
1245
#~ "  if [ ${d} -lt 10 ]; then d=\"0${d}\"; fi\n"
1246
#~ "\n"
1247
#~ "  case $M in\n"
1248
#~ "    Jan) m=\"01\";;\n"
1249
#~ "    Feb) m=\"02\";;\n"
1250
#~ "    Mar) m=\"03\";;\n"
1251
#~ "    Apr) m=\"04\";;\n"
1252
#~ "    May) m=\"05\";;\n"
1253
#~ "    Jun) m=\"06\";;\n"
1254
#~ "    Jul) m=\"07\";;\n"
1255
#~ "    Aug) m=\"08\";;\n"
1256
#~ "    Sep) m=\"09\";;\n"
1257
#~ "    Oct) m=\"10\";;\n"
1258
#~ "    Nov) m=\"11\";;\n"
1259
#~ "    Dec) m=\"12\";;\n"
1260
#~ "  esac\n"
1261
#~ "\n"
1262
#~ "  certdate=\"${y}${m}${d}\"\n"
1263
#~ "}\n"
1264
#~ "\n"
1265
#~ "OPENSSL=/usr/bin/openssl\n"
1266
#~ "DIR=/etc/ssl/certs\n"
1267
#~ "\n"
1268
#~ "if [ $# -gt 0 ]; then\n"
1269
#~ "  DIR=\"$1\"\n"
1270
#~ "fi\n"
1271
#~ "\n"
1272
#~ "certs=$( find ${DIR} -type f -name \"*.pem\" -o -name \"*.crt\" )\n"
1273
#~ "today=$( date +%Y%m%d )\n"
1274
#~ "\n"
1275
#~ "for cert in $certs; do\n"
1276
#~ "  notafter=$( $OPENSSL x509 -enddate -in \"${cert}\" -noout )\n"
1277
#~ "  date=$( echo ${notafter} |  sed 's/^notAfter=//' )\n"
1278
#~ "  mydate \"$date\"\n"
1279
#~ "\n"
1280
#~ "  if [ ${certdate} -lt ${today} ]; then\n"
1281
#~ "     echo \"${cert} expired on ${certdate}! Removing...\"\n"
1282
#~ "     rm -f \"${cert}\"\n"
1283
#~ "  fi\n"
1284
#~ "done</literal>\n"
1285
#~ "EOF\n"
1286
#~ "\n"
1287
#~ "chmod u+x /usr/sbin/remove-expired-certs.sh</userinput>"
1288
#~ msgstr ""
1289
#~ "<userinput>cat > /usr/sbin/remove-expired-certs.sh &lt;&lt; \"EOF\"\n"
1290
#~ "<literal>#!/bin/sh\n"
1291
#~ "# Begin /usr/sbin/remove-expired-certs.sh\n"
1292
#~ "#\n"
1293
#~ "# Version 20120211\n"
1294
#~ "\n"
1295
#~ "# Make sure the date is parsed correctly on all systems\n"
1296
#~ "mydate()\n"
1297
#~ "{\n"
1298
#~ "  local y=$( echo $1 | cut -d\" \" -f4 )\n"
1299
#~ "  local M=$( echo $1 | cut -d\" \" -f1 )\n"
1300
#~ "  local d=$( echo $1 | cut -d\" \" -f2 )\n"
1301
#~ "  local m\n"
1302
#~ "\n"
1303
#~ "  if [ ${d} -lt 10 ]; then d=\"0${d}\"; fi\n"
1304
#~ "\n"
1305
#~ "  case $M in\n"
1306
#~ "    Jan) m=\"01\";;\n"
1307
#~ "    Feb) m=\"02\";;\n"
1308
#~ "    Mar) m=\"03\";;\n"
1309
#~ "    Apr) m=\"04\";;\n"
1310
#~ "    May) m=\"05\";;\n"
1311
#~ "    Jun) m=\"06\";;\n"
1312
#~ "    Jul) m=\"07\";;\n"
1313
#~ "    Aug) m=\"08\";;\n"
1314
#~ "    Sep) m=\"09\";;\n"
1315
#~ "    Oct) m=\"10\";;\n"
1316
#~ "    Nov) m=\"11\";;\n"
1317
#~ "    Dec) m=\"12\";;\n"
1318
#~ "  esac\n"
1319
#~ "\n"
1320
#~ "  certdate=\"${y}${m}${d}\"\n"
1321
#~ "}\n"
1322
#~ "\n"
1323
#~ "OPENSSL=/usr/bin/openssl\n"
1324
#~ "DIR=/etc/ssl/certs\n"
1325
#~ "\n"
1326
#~ "if [ $# -gt 0 ]; then\n"
1327
#~ "  DIR=\"$1\"\n"
1328
#~ "fi\n"
1329
#~ "\n"
1330
#~ "certs=$( find ${DIR} -type f -name \"*.pem\" -o -name \"*.crt\" )\n"
1331
#~ "today=$( date +%Y%m%d )\n"
1332
#~ "\n"
1333
#~ "for cert in $certs; do\n"
1334
#~ "  notafter=$( $OPENSSL x509 -enddate -in \"${cert}\" -noout )\n"
1335
#~ "  date=$( echo ${notafter} |  sed 's/^notAfter=//' )\n"
1336
#~ "  mydate \"$date\"\n"
1337
#~ "\n"
1338
#~ "  if [ ${certdate} -lt ${today} ]; then\n"
1339
#~ "     echo \"${cert} expired on ${certdate}! Removing...\"\n"
1340
#~ "     rm -f \"${cert}\"\n"
1341
#~ "  fi\n"
1342
#~ "done</literal>\n"
1343
#~ "EOF\n"
1344
#~ "\n"
1345
#~ "chmod u+x /usr/sbin/remove-expired-certs.sh</userinput>"
1346
 
1347
#~ msgid ""
1348
#~ "The following commands will fetch the certificates and convert them to the "
1349
#~ "correct format.  If desired, a web browser may be used instead of "
1350
#~ "<application>wget</application> but the file will need to be saved with the "
1351
#~ "name <filename>certdata.txt</filename>.  These commands can be repeated as "
1352
#~ "necessary to update the CA Certificates."
1353
#~ msgstr ""
1354
#~ "Les commandes suivantes récupéreront les certificats et les convertiront "
1355
#~ "dans le bon format.  Si vous le désirez, vous pouvez utiliser un navigateur "
1356
#~ "Internet plutôt que <application>wget</application> mais le fichier devra "
1357
#~ "être enregistré sous le nom <filename>certdata.txt</filename>.  Ces "
1358
#~ "commandes peuvent être répétées autant de fois que nécessaire pour mettre à "
1359
#~ "jour les Certificats CA."
1360
 
1361
#~ msgid ""
1362
#~ "<userinput>URL=&sources-anduin-http;/other/certdata.txt &amp;&amp;\n"
1363
#~ "rm -f certdata.txt &amp;&amp;\n"
1364
#~ "wget $URL          &amp;&amp;\n"
1365
#~ "make-ca.sh         &amp;&amp;\n"
1366
#~ "unset URL</userinput>"
1367
#~ msgstr ""
1368
#~ "<userinput>URL=&sources-anduin-http;/other/certdata.txt &amp;&amp;\n"
1369
#~ "rm -f certdata.txt &amp;&amp;\n"
1370
#~ "wget $URL          &amp;&amp;\n"
1371
#~ "make-ca.sh         &amp;&amp;\n"
1372
#~ "unset URL</userinput>"
1373
 
1374
#~ msgid ""
1375
#~ "<userinput>SSLDIR=/etc/ssl                                              &amp;&amp;\n"
1376
#~ "remove-expired-certs.sh certs                                &amp;&amp;\n"
1377
#~ "install -d ${SSLDIR}/certs                                   &amp;&amp;\n"
1378
#~ "cp -v certs/*.pem ${SSLDIR}/certs                            &amp;&amp;\n"
1379
#~ "c_rehash                                                     &amp;&amp;\n"
1380
#~ "install BLFS-ca-bundle*.crt ${SSLDIR}/ca-bundle.crt          &amp;&amp;\n"
1381
#~ "ln -sfv ../ca-bundle.crt ${SSLDIR}/certs/ca-certificates.crt &amp;&amp;\n"
1382
#~ "unset SSLDIR</userinput>"
1383
#~ msgstr ""
1384
#~ "<userinput>SSLDIR=/etc/ssl                                              &amp;&amp;\n"
1385
#~ "remove-expired-certs.sh certs                                &amp;&amp;\n"
1386
#~ "install -d ${SSLDIR}/certs                                   &amp;&amp;\n"
1387
#~ "cp -v certs/*.pem ${SSLDIR}/certs                            &amp;&amp;\n"
1388
#~ "c_rehash                                                     &amp;&amp;\n"
1389
#~ "install BLFS-ca-bundle*.crt ${SSLDIR}/ca-bundle.crt          &amp;&amp;\n"
1390
#~ "ln -sfv ../ca-bundle.crt ${SSLDIR}/certs/ca-certificates.crt &amp;&amp;\n"
1391
#~ "unset SSLDIR</userinput>"
1392
 
1393
#~ msgid "Finally, clean up the current directory:"
1394
#~ msgstr "Enfin, nettoyez le répertoire courant&nbsp;:"
1395
 
1396
#~ msgid "<userinput>rm -r certs BLFS-ca-bundle*</userinput>"
1397
#~ msgstr "<userinput>rm -r certs BLFS-ca-bundle*</userinput>"
1398
 
1399
#~ msgid ""
1400
#~ "After installing or updating certificates, if OpenJDK is installed, update "
1401
#~ "the certificates for Java using the procedures at <xref linkend='ojdk-"
1402
#~ "certs'/>."
1403
#~ msgstr ""
1404
#~ "Après l'installation ou la mise à jour des certificats, si OpenJDK est "
1405
#~ "installé, mettez à jour les certificats pour Java en utilisant la procédure "
1406
#~ "dans <xref linkend=\"ojdk-certs\"/>."
1407
 
1408
#~ msgid "make-ca.sh, make-cert.pl and remove-expired-certs.sh"
1409
#~ msgstr "make-ca.sh, make-cert.pl et remove-expired-certs.sh"
1410
 
1411
#~ msgid "<command>make-cert.pl</command>"
1412
#~ msgstr "<command>make-cert.pl</command>"
1413
 
1414
#~ msgid ""
1415
#~ "is a utility <application>perl</application> script that converts a single "
1416
#~ "binary certificate (.der format) into .pem format."
1417
#~ msgstr ""
1418
#~ "est un script <application>perl</application> qui convertit un certificat "
1419
#~ "binaire unique (format .der) au format .pem."
1420
 
1421
#~ msgid "make-cert"
1422
#~ msgstr "make-cert"
1423
 
1424
#~ msgid "<command>remove-expired-certs.sh</command>"
1425
#~ msgstr "<command>remove-expired-certs.sh</command>"
1426
 
1427
#~ msgid ""
1428
#~ "is a utility shell script that removes expired certificates from a "
1429
#~ "directory.  The default directory is <filename "
1430
#~ "class='directory'>/etc/ssl/certs</filename>."
1431
#~ msgstr ""
1432
#~ "est un script shell qui supprime les certificats expirés d'un répertoire. Le"
1433
#~ " répertoire par défaut est <filename "
1434
#~ "class='directory'>/etc/ssl/certs</filename>."
1435
 
1436
#~ msgid "remove-expired-certs"
1437
#~ msgstr "remove-expired-certs"