Subversion Repositories svn LFS-FR

Rev

Rev 8083 | Rev 8237 | Go to most recent revision | Details | Compare with Previous | Last modification | View Log | RSS feed

Rev Author Line No. Line
7355 jlepiller 1
# SOME DESCRIPTIVE TITLE
2
# Copyright (C) YEAR Free Software Foundation, Inc.
3
# This file is distributed under the same license as the PACKAGE package.
4
# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
5
#
6
msgid ""
7
msgstr ""
8
"Project-Id-Version: PACKAGE VERSION\n"
8093 jlepiller 9
"POT-Creation-Date: 2019-09-21 20:02+0000\n"
7882 jlepiller 10
"PO-Revision-Date: 2019-04-15 08:14+0000\n"
7355 jlepiller 11
"Last-Translator: roptat <roptat@lepiller.eu>\n"
12
"Language-Team: LANGUAGE <LL@li.org>\n"
13
"Language: fr\n"
14
"MIME-Version: 1.0\n"
15
"Content-Type: text/plain; charset=UTF-8\n"
16
"Content-Transfer-Encoding: 8bit\n"
17
"Plural-Forms: nplurals=2; plural=(n > 1);\n"
18
"X-Generator: Pootle 2.8\n"
7882 jlepiller 19
"X-POOTLE-MTIME: 1555316043.769430\n"
7355 jlepiller 20
 
21
#. type: Content of the certhost entity
22
#: blfs-en/postlfs/security/make-ca.xml:7
23
msgid "https://hg.mozilla.org/"
24
msgstr "https://hg.mozilla.org/"
25
 
26
#. type: Content of the certpath entity
27
#: blfs-en/postlfs/security/make-ca.xml:8
28
msgid "/lib/ckfw/builtins/certdata.txt"
29
msgstr "/lib/ckfw/builtins/certdata.txt"
30
 
31
#. type: Content of the make-ca-buildsize entity
32
#: blfs-en/postlfs/security/make-ca.xml:9
33
msgid "6.6 MB (with all runtime deps)"
34
msgstr "6.6 Mo (avec toutes les dépendances à l'exécution)"
35
 
36
#. type: Content of the make-ca-time entity
37
#: blfs-en/postlfs/security/make-ca.xml:10
7605 jlepiller 38
msgid "0.1 SBU (with all runtime deps)"
39
msgstr "0.1 SBU (avec toutes les dépendances à l'exécution)"
7355 jlepiller 40
 
41
#. type: Content of the make-ca-download entity
42
#: blfs-en/postlfs/security/make-ca.xml:12
43
msgid ""
7687 jlepiller 44
"https://github.com/djlucas/make-ca/releases/download/v&make-ca-"
45
"version;/make-ca-&make-ca-version;.tar.xz"
7355 jlepiller 46
msgstr ""
7687 jlepiller 47
"https://github.com/djlucas/make-ca/releases/download/v&make-ca-"
48
"version;/make-ca-&make-ca-version;.tar.xz"
7355 jlepiller 49
 
50
#. type: Content of the make-ca-size entity
51
#: blfs-en/postlfs/security/make-ca.xml:13
8083 jlepiller 52
msgid "32 KB"
53
msgstr "32 Ko"
7355 jlepiller 54
 
55
#. type: Content of the make-ca-md5sum entity
56
#: blfs-en/postlfs/security/make-ca.xml:14
8083 jlepiller 57
msgid "0d50d9e0c9ebd6059fe4116353f2d5be"
58
msgstr "0d50d9e0c9ebd6059fe4116353f2d5be"
7355 jlepiller 59
 
60
#. type: Content of: <sect1><sect1info>
61
#: blfs-en/postlfs/security/make-ca.xml:21
8083 jlepiller 62
#| msgid ""
8093 jlepiller 63
#| "<othername>$LastChangedBy: dj $</othername> <date>$Date: 2019-09-11 03:18:23"
64
#| " +0000 (Wed, 11 Sep 2019) $</date>"
7355 jlepiller 65
msgid ""
8093 jlepiller 66
"<othername>$LastChangedBy: renodr $</othername> <date>$Date: 2019-09-21 "
67
"16:50:53 +0000 (Sat, 21 Sep 2019) $</date>"
7355 jlepiller 68
msgstr ""
8093 jlepiller 69
"<othername>$LastChangedBy: renodr $</othername> <date>$Date: 2019-09-21 "
70
"16:50:53 +0000 (Sat, 21 Sep 2019) $</date>"
7355 jlepiller 71
 
7360 jlepiller 72
#. type: Content of: <sect1><title>
73
#: blfs-en/postlfs/security/make-ca.xml:25
74
msgid "make-ca-&make-ca-version;"
75
msgstr "make-ca-&make-ca-version;"
76
 
7355 jlepiller 77
#. type: Content of:
78
#. <sect1><sect2><variablelist><varlistentry><listitem><indexterm><primary>
7360 jlepiller 79
#: blfs-en/postlfs/security/make-ca.xml:27
8093 jlepiller 80
#: blfs-en/postlfs/security/make-ca.xml:262
81
#: blfs-en/postlfs/security/make-ca.xml:280
7355 jlepiller 82
msgid "make-ca"
83
msgstr "make-ca"
84
 
7360 jlepiller 85
#. type: Content of: <sect1><sect2><title>
86
#: blfs-en/postlfs/security/make-ca.xml:31
87
msgid "Introduction to make-ca"
88
msgstr "Introduction à make-ca"
89
 
90
#. type: Content of: <sect1><sect2><para>
91
#: blfs-en/postlfs/security/make-ca.xml:34
7355 jlepiller 92
msgid ""
93
"Public Key Infrastructure (PKI) is a method to validate the authenticity of "
94
"an otherwise unknown entity across untrusted networks. PKI works by "
95
"establishing a chain of trust, rather than trusting each individual host or "
96
"entity explicitly. In order for a certificate presented by a remote entity "
97
"to be trusted, that certificate must present a complete chain of "
98
"certificates that can be validated using the root certificate of a "
99
"Certificate Authority (CA) that is trusted by the local machine."
100
msgstr ""
101
"Une Infrastructure à Clés Publiques (PKI) est une méthode pour valider "
102
"l'authenticité d'une entité autrement inconnue au travers de réseaux qui ne "
103
"sont pas de confiance. La PKI fonctionne en établissant une chaîne de "
104
"confiance, plutôt que de faire confiance individuellement à chaque hôte ou "
105
"entité de manière explicite. Pour qu'un certificat présenté par une entité "
106
"distante soit reconnu, le certificat doit présenter une chaîne complète de "
107
"certificats qui peuvent être validé en utilisant le certificat racine d'une "
108
"autorité de certification (CA) en laquelle la machine locale a confiance."
109
 
7360 jlepiller 110
#. type: Content of: <sect1><sect2><para>
111
#: blfs-en/postlfs/security/make-ca.xml:44
7355 jlepiller 112
msgid ""
113
"Establishing trust with a CA involves validating things like company "
114
"address, ownership, contact information, etc., and ensuring that the CA has "
115
"followed best practices, such as undergoing periodic security audits by "
116
"independent investigators and maintaining an always available certificate "
117
"revocation list. This is well outside the scope of BLFS (as it is for most "
118
"Linux distributions). The certificate store provided here is taken from the "
119
"Mozilla Foundation, who have established very strict inclusion policies "
120
"described <ulink url=\"https://www.mozilla.org/en-"
121
"US/about/governance/policies/security-group/certs/\">here</ulink>."
122
msgstr ""
123
"L'établissement de la confiance avec une CA nécessite de valider des choses "
124
"comme l'adresse de la compagnie, la propriété, les informations de contact, "
125
"etc, et de s'assurer que la CA a suivi les bonnes pratiques, comme des "
126
"audits de sécurité périodiques par des enquêteurs indépendants et le "
127
"maintient d'une liste de révocation de certificats toujours disponible. Ceci"
128
" est bien au delà de la portée de BLFS (comme pour la plupart des "
129
"distributions Linux). Le magasin de certificats fournit ici est emprunté à "
130
"la fondation Mozilla, qui ont établit une politique d'inclusion très stricte"
131
" décrite <ulink url=\"https://www.mozilla.org/en-"
132
"US/about/governance/policies/security-group/certs/\">ici</ulink>."
133
 
134
#. type: Content of: <sect1><sect2><bridgehead>
7360 jlepiller 135
#: blfs-en/postlfs/security/make-ca.xml:57
7355 jlepiller 136
msgid "Package Information"
137
msgstr "Informations sur le paquet"
138
 
139
#. type: Content of: <sect1><sect2><itemizedlist><listitem><para>
7360 jlepiller 140
#: blfs-en/postlfs/security/make-ca.xml:60
7355 jlepiller 141
msgid "Download (HTTP): <ulink url=\"&make-ca-download;\"/>"
142
msgstr "Téléchargement (HTTP)&nbsp;: <ulink url=\"&make-ca-download;\"/>"
143
 
144
#. type: Content of: <sect1><sect2><itemizedlist><listitem><para>
7360 jlepiller 145
#: blfs-en/postlfs/security/make-ca.xml:63
7355 jlepiller 146
msgid "Download size: &make-ca-size;"
147
msgstr "Taille du téléchargement&nbsp;: &make-ca-size;"
148
 
149
#. type: Content of: <sect1><sect2><itemizedlist><listitem><para>
7360 jlepiller 150
#: blfs-en/postlfs/security/make-ca.xml:66
7355 jlepiller 151
msgid "Download MD5 Sum: &make-ca-md5sum;"
152
msgstr "Somme MD5 du téléchargement&nbsp;: &make-ca-md5sum;"
153
 
154
#. type: Content of: <sect1><sect2><itemizedlist><listitem><para>
7360 jlepiller 155
#: blfs-en/postlfs/security/make-ca.xml:69
7355 jlepiller 156
msgid "Estimated disk space required: &make-ca-buildsize;"
157
msgstr "Estimation de l'espace disque requis&nbsp;: &make-ca-buildsize;"
158
 
159
#. type: Content of: <sect1><sect2><itemizedlist><listitem><para>
7360 jlepiller 160
#: blfs-en/postlfs/security/make-ca.xml:72
7355 jlepiller 161
msgid "Estimated build time: &make-ca-time;"
162
msgstr "Estimation du temps de construction&nbsp;: &make-ca-time;"
163
 
164
#. type: Content of: <sect1><sect2><bridgehead>
7360 jlepiller 165
#: blfs-en/postlfs/security/make-ca.xml:76
7355 jlepiller 166
msgid "make-ca Dependencies"
167
msgstr "Dépendances de make-ca"
168
 
169
#. type: Content of: <sect1><sect2><bridgehead>
7605 jlepiller 170
#: blfs-en/postlfs/security/make-ca.xml:78
7630 jlepiller 171
msgid "Required"
172
msgstr "Requises"
7605 jlepiller 173
 
174
#. type: Content of: <sect1><sect2><para>
175
#: blfs-en/postlfs/security/make-ca.xml:79
176
msgid ""
177
"<xref linkend=\"p11-kit\"/> (required at runtime to generate certificate "
178
"stores from trust anchors)"
179
msgstr ""
180
"<xref linkend=\"p11-kit\"/> (requis à l'exécution pour générer des banques "
181
"de certificats à partir d'ancres de confiance)"
182
 
183
#. type: Content of: <sect1><sect2><bridgehead>
7630 jlepiller 184
#: blfs-en/postlfs/security/make-ca.xml:83
7355 jlepiller 185
msgid "Optional (runtime)"
186
msgstr "Facultatives (exécution)"
187
 
188
#. type: Content of: <sect1><sect2><para>
7630 jlepiller 189
#: blfs-en/postlfs/security/make-ca.xml:85
7355 jlepiller 190
msgid ""
191
"<xref role=\"runtime\" linkend=\"java\"/> or <xref role=\"runtime\" "
7605 jlepiller 192
"linkend=\"openjdk\"/> (to generate a java PKCS#12 store), and <xref "
193
"role=\"runtime\" linkend=\"nss\"/> (to generate a shared NSSDB)"
7355 jlepiller 194
msgstr ""
195
"<xref role=\"runtime\" linkend=\"java\"/> ou <xref role=\"runtime\" "
7605 jlepiller 196
"linkend=\"openjdk\"/> (pour générer une banque PKCS#12 java) et <xref "
197
"role=\"runtime\" linkend=\"nss\"/> (pour générer un NSSDB partagé)"
7355 jlepiller 198
 
199
#. type: Content of: <sect1><sect2><para>
7630 jlepiller 200
#: blfs-en/postlfs/security/make-ca.xml:91
7355 jlepiller 201
msgid "User Notes: <ulink url='&blfs-wiki;/make-ca'/>"
202
msgstr "Notes utilisateur&nbsp;: <ulink url='&blfs-wiki;/make-ca'/>"
203
 
204
#. type: Content of: <sect1><sect2><title>
7630 jlepiller 205
#: blfs-en/postlfs/security/make-ca.xml:96
7355 jlepiller 206
msgid "Installation of make-ca"
207
msgstr "Installation de make-ca"
208
 
209
#. type: Content of: <sect1><sect2><para>
7630 jlepiller 210
#: blfs-en/postlfs/security/make-ca.xml:98
7355 jlepiller 211
msgid ""
212
"The <application>make-ca</application> script will download and process the "
213
"certificates included in the <filename>certdata.txt</filename> file for use "
7605 jlepiller 214
"as trust anchors for the <xref linkend=\"p11-kit\"/> trust module. "
215
"Additionally, it will generate system certificate stores used by BLFS "
216
"applications (if the recommended and optional applications are present on "
217
"the system). Any local certificates stored in "
218
"<filename>/etc/ssl/local</filename> will be imported to both the trust "
7881 jlepiller 219
"anchors and the generated certificate stores (overriding Mozilla's trust). "
220
"Additionally, any modified trust values will be copied from the trust "
221
"anchors to <filename>/etc/ssl/local</filename> prior to any updates, "
222
"preserving custom trust values that differ from Mozilla when using the "
223
"<command>trust</command> utility from <application>p11-kit</application> to "
224
"operate on the trust store."
7355 jlepiller 225
msgstr ""
7605 jlepiller 226
"Le script <application>make-ca</application> téléchargera et adaptera les "
227
"certificats inclus dans le fichier <filename>certdata.txt</filename> pour "
228
"l'utiliser comme ancre de confiance dans le module de confiance de <xref "
229
"linkend=\"p11-kit\"/>. En plus, il générera les banques de certificats du "
230
"système utilisées par les application de BLFS (si les applications "
231
"recommandées et facultatives sont présentes sur le système). Tout certificat"
232
" local stocké dans <filename>/etc/ssl/local</filename> sera importé dans les"
233
" ancres de confiance et dans les banques de certificats générées (en "
7882 jlepiller 234
"remplaçant la confiance de Mozilla). En plus, toute valeur de confiance "
235
"modifiée sera copiée des ancres de confiance vers "
236
"<filename>/etc/ssl/local</filename> avant toute mise à jour, ce qui "
237
"préservera les modifications de valeurs de confiance différentes de celles "
238
"de Mozilla lorsque vous utiliserez l'utilitaire <command>trust</command> de "
239
"<application>p11-kit</application> pour effectuer des opération sur la "
240
"banque de certificats."
7355 jlepiller 241
 
242
#. type: Content of: <sect1><sect2><para>
7881 jlepiller 243
#: blfs-en/postlfs/security/make-ca.xml:112
7355 jlepiller 244
msgid ""
245
"To install the various certificate stores, first install the "
246
"<application>make-ca</application> script into the correct location.  As the"
247
" <systemitem class=\"username\">root</systemitem> user:"
248
msgstr ""
249
"Pour installer les divers magasins de certificats, installez le script "
250
"<application>make-ca</application> au bon endroit. En tant qu'utilisateur "
251
"<systemitem class=\"username\">root</systemitem>&nbsp;:"
252
 
253
#. type: Content of: <sect1><sect2><screen>
7881 jlepiller 254
#: blfs-en/postlfs/security/make-ca.xml:116
7355 jlepiller 255
#, no-wrap
7881 jlepiller 256
msgid ""
257
"<userinput>make install &amp;&amp;\n"
258
"install -vdm755 /etc/ssl/local</userinput>"
259
msgstr ""
260
"<userinput>make install &amp;&amp;\n"
261
"install -vdm755 /etc/ssl/local</userinput>"
7355 jlepiller 262
 
263
#. type: Content of: <sect1><sect2><para>
7881 jlepiller 264
#: blfs-en/postlfs/security/make-ca.xml:119
7355 jlepiller 265
msgid ""
7605 jlepiller 266
"As the <systemitem class=\"username\">root</systemitem> user, after "
267
"installing <xref linkend=\"p11-kit\"/>, download the certificate source and "
268
"prepare for system use with the following command:"
7355 jlepiller 269
msgstr ""
270
"En tant qu'utilisateur <systemitem class=\"username\">root</systemitem>, "
7605 jlepiller 271
"après l'installation de <xref linkend=\"p11-kit\"/>, téléchargez la banque "
272
"de certificats et préparez-la à être utilisée par le système avec la "
273
"commande suivante&nbsp;:"
7355 jlepiller 274
 
275
#. type: Content of: <sect1><sect2><note><para>
7881 jlepiller 276
#: blfs-en/postlfs/security/make-ca.xml:124
7355 jlepiller 277
msgid ""
278
"If running the script a second time with the same version of "
279
"<filename>certdata.txt</filename>, for instance, to add additional stores as"
7605 jlepiller 280
" the requisite software is installed, add the <parameter>-r</parameter> "
7355 jlepiller 281
"switch to the command line. If packaging, run <command>make-ca "
282
"--help</command> to see all available command line options."
283
msgstr ""
284
"Si vous lancez le script une deuxième fois avec la même version de "
7605 jlepiller 285
"<filename>certdata.txt</filename>, par exemple pour ajouter des banques "
7355 jlepiller 286
"supplémentaires parce que le logiciel requis est installé, ajoutez l'option "
7605 jlepiller 287
"<parameter>-r</parameter> à la ligne de commande. Si vous créez un paquet, "
7355 jlepiller 288
"lancez <command>make-ca --help</command> pour voir toutes les options de la "
289
"ligne de commande disponibles."
290
 
291
#. type: Content of: <sect1><sect2><screen>
7881 jlepiller 292
#: blfs-en/postlfs/security/make-ca.xml:131
7355 jlepiller 293
#, no-wrap
7465 jlepiller 294
msgid "<userinput>/usr/sbin/make-ca -g</userinput>"
295
msgstr "<userinput>/usr/sbin/make-ca -g</userinput>"
7355 jlepiller 296
 
297
#. type: Content of: <sect1><sect2><para>
8093 jlepiller 298
#: blfs-en/postlfs/security/make-ca.xml:143
7355 jlepiller 299
msgid ""
7881 jlepiller 300
"You should periodically update the store with the above command, either "
7355 jlepiller 301
"manually, or via a <phrase revision=\"sysv\">cron job.</phrase> <phrase "
302
"revision=\"systemd\">systemd timer. A timer is installed at "
7724 jlepiller 303
"<filename>/usr/lib/systemd/system/update-pki.timer</filename> that, if "
304
"enabled, will check for updates weekly. </phrase><phrase "
305
"revision=\"sysv\">If you've installed <xref linkend=\"fcron\"/> and "
306
"completed the section on periodic jobs, execute</phrase><phrase "
307
"revision=\"systemd\">Execute</phrase> the following commands, as the "
308
"<systemitem class=\"username\">root</systemitem> user, to <phrase "
309
"revision=\"sysv\">create a weekly cron job:</phrase> <phrase "
310
"revision=\"systemd\">enable the systemd timer:</phrase>"
7355 jlepiller 311
msgstr ""
7882 jlepiller 312
"Vous devriez mettre à jour régulièrement la banque de certificats avec la "
313
"commande ci-dessus soit manuellement, soit via <phrase revision=\"sysv\">une"
314
" tâche cron.</phrase><phrase revision=\"systemd\">un timer systemd. Un timer"
315
" est installé dans <filename>/usr/lib/systemd/system/update-"
316
"pki.timer</filename> et s'il est activé, il vérifiera les mises à jour une "
317
"fois par semaine.</phrase><phrase revision=\"sysv\">Si vous avez installé "
318
"<xref linkend=\"fcron\"/> et complété la section sur les travaux "
319
"périodiques, exécutez</phrase><phrase revision=\"systemd\">Exécutez</phrase>"
320
" les commandes suivantes, en tant qu'utilisateur <systemitem "
7725 jlepiller 321
"class=\"username\">root</systemitem> pour <phrase revision=\"sysv\">créer "
322
"une tache cron hebdomadaire&nbsp;:</phrase><phrase "
323
"revision=\"systemd\">activer le timer systemd&nbsp;:</phrase>"
7355 jlepiller 324
 
7724 jlepiller 325
#. type: Content of: <sect1><sect2><screen>
8093 jlepiller 326
#: blfs-en/postlfs/security/make-ca.xml:156
7724 jlepiller 327
#, no-wrap
8093 jlepiller 328
#| msgid ""
329
#| "<userinput>install -vdm755 /etc/cron.weekly                       &amp;&amp;\n"
330
#| "cat &gt; /etc/cron.weekly/update-pki.sh &lt;&lt; \"EOF\" &amp;&amp;\n"
331
#| "<literal>#!/bin/bash\n"
332
#| "/usr/sbin/make-ca -g</literal>\n"
333
#| "EOF\n"
334
#| "chmod 754 /etc/cron.weekly/update-pki.sh</userinput>"
7724 jlepiller 335
msgid ""
8093 jlepiller 336
"<userinput>install -vdm755 /etc/cron.weekly              &amp;&amp;\n"
7740 jlepiller 337
"cat &gt; /etc/cron.weekly/update-pki.sh &lt;&lt; \"EOF\" &amp;&amp;\n"
7724 jlepiller 338
"<literal>#!/bin/bash\n"
339
"/usr/sbin/make-ca -g</literal>\n"
340
"EOF\n"
341
"chmod 754 /etc/cron.weekly/update-pki.sh</userinput>"
342
msgstr ""
8093 jlepiller 343
"<userinput>install -vdm755 /etc/cron.weekly              &amp;&amp;\n"
7740 jlepiller 344
"cat &gt; /etc/cron.weekly/update-pki.sh &lt;&lt; \"EOF\" &amp;&amp;\n"
7724 jlepiller 345
"<literal>#!/bin/bash\n"
346
"/usr/sbin/make-ca -g</literal>\n"
347
"EOF\n"
348
"chmod 754 /etc/cron.weekly/update-pki.sh</userinput>"
349
 
350
#. type: Content of: <sect1><sect2><screen>
8093 jlepiller 351
#: blfs-en/postlfs/security/make-ca.xml:163
7724 jlepiller 352
#, no-wrap
353
msgid "<userinput>systemctl enable update-pki.timer</userinput>"
354
msgstr "<userinput>systemctl enable update-pki.timer</userinput>"
355
 
7687 jlepiller 356
#. type: Content of: <sect1><sect2><title>
8093 jlepiller 357
#: blfs-en/postlfs/security/make-ca.xml:168
7687 jlepiller 358
msgid "Configuring make-ca"
359
msgstr "Configuration de make-ca"
360
 
7355 jlepiller 361
#. type: Content of: <sect1><sect2><para>
8093 jlepiller 362
#: blfs-en/postlfs/security/make-ca.xml:170
7355 jlepiller 363
msgid ""
7800 jlepiller 364
"For most users, no additional configuration is necessary, however, the "
7687 jlepiller 365
"default <filename>certdata.txt</filename> file provided by make-ca is "
7355 jlepiller 366
"obtained from the mozilla-release branch, and is modified to provide a "
7687 jlepiller 367
"Mercurial revision. This will be the correct version for most systems.  "
368
"There are several other variants of the file available for use that might be"
369
" preferred for one reason or another, including the files shipped with "
370
"Mozilla products in this book. RedHat and OpenSUSE, for instance, use the "
371
"version included in <xref linkend=\"nss\"/>. Additional upstream downloads "
372
"are available at the links included in <filename>/etc/make-"
373
"ca.conf.dist</filename>. Simply copy the file to <filename>/etc/make-"
374
"ca.conf</filename> and edit as appropriate."
7355 jlepiller 375
msgstr ""
7802 jlepiller 376
"Pour la plupart des utilisateurs, aucune configuration supplémentaire n'est "
377
"nécessaire, cependant le fichier <filename>certdata.txt</filename> par "
378
"défaut fournit par make-ca est obtenu à partir de la branche mozilla-"
379
"release, et est modifié pour fournir une révision Mercurial. Ce sera la "
380
"bonne version pour la plupart des systèmes. Il y a plusieurs variantes du "
381
"fichier disponibles à l'utilisation que vous pourriez préférer pour une "
382
"raison ou une autre, incluses dans les produits Mozilla dans ce livre. "
383
"RedHat et OpenSUSE par exemple utilisent la version incluse dans <xref "
384
"linkend=\"nss\"/>. Des emplacements de téléchargement supplémentaires sont "
385
"disponibles dans les liens inclus dans <filename>/etc/make-"
386
"ca.conf.dist</filename>. Copiez simplement ce fichier vers "
387
"<filename>/etc/make-ca.conf</filename> et modifiez-le comme vous le voulez."
7355 jlepiller 388
 
7687 jlepiller 389
#. type: Content of: <sect1><sect2><indexterm><primary>
8093 jlepiller 390
#: blfs-en/postlfs/security/make-ca.xml:183
7687 jlepiller 391
msgid "/etc/make-ca.conf"
392
msgstr "/etc/make-ca.conf"
7355 jlepiller 393
 
7800 jlepiller 394
#. type: Content of: <sect1><sect2><bridgehead>
8093 jlepiller 395
#: blfs-en/postlfs/security/make-ca.xml:186
7800 jlepiller 396
msgid "About Trust Arguments"
7802 jlepiller 397
msgstr "À propos des arguments sur la confiance"
7800 jlepiller 398
 
399
#. type: Content of: <sect1><sect2><para>
8093 jlepiller 400
#: blfs-en/postlfs/security/make-ca.xml:188
7800 jlepiller 401
msgid ""
402
"There are three trust types that are recognized by the <application>make-"
403
"ca</application> script, SSL/TLS, S/Mime, and code signing. For "
404
"<application>OpenSSL</application>, these are "
405
"<parameter>serverAuth</parameter>, <parameter>emailProtection</parameter>, "
406
"and <parameter>codeSigning</parameter> respectively. If one of the three "
407
"trust arguments is omitted, the certificate is neither trusted, nor rejected"
408
" for that role. Clients that use <application>OpenSSL</application> or "
409
"<application>NSS</application> encountering this certificate will present a "
410
"warning to the user. Clients using <application>GnuTLS</application> without"
411
" <application>p11-kit</application> support are not aware of trusted "
412
"certificates. To include this CA into the <filename>ca-"
413
"bundle.crt</filename>, <filename>email-ca-bundle.crt</filename>, or "
414
"<filename>objsign-ca-bundle.crt</filename> files (the "
415
"<application>GnuTLS</application> legacy bundles), it must have the "
416
"appropriate trust arguments."
417
msgstr ""
7802 jlepiller 418
"Il y a trois types de confiances reconnues par le script <application>make-"
419
"ca</application>, SSL/TLS, S/Mime et signature de code. Pour "
420
"<application>OpenSSL</application>, il s'agit de "
421
"<parameter>serverAuth</parameter>, <parameter>emailProtection</parameter> et"
422
" <parameter>codeSigning</parameter> respectivement. Si un argument trust en "
423
"omis, le certificat n'est ni reconnu ni rejeté pour ce rôle. Les clients qui"
424
" utilisent <application>OpenSSL</application> ou "
7800 jlepiller 425
"<application>NSS</application> rencontrant ce certificat renverront un "
7802 jlepiller 426
"avertissement à l'utilisateur. Les clients qui utilisent "
7800 jlepiller 427
"<application>GnuTLS</application> sans le support de "
428
"<application>p11-kit</application> ne sont pas conscient des certificats de "
7802 jlepiller 429
"confiance. Pour inclure cette CA dans les fichiers <filename>ca-"
430
"bundle.crt</filename>, <filename>email-ca-bundle.crt</filename> ou "
431
"<filename>objsign-ca-bundle.crt</filename> (les anciens lots de "
432
"<application>GnuTLS</application>), il doit avoir l'argument de confiance "
433
"approprié."
7800 jlepiller 434
 
435
#. type: Content of: <sect1><sect2><bridgehead>
8093 jlepiller 436
#: blfs-en/postlfs/security/make-ca.xml:206
7800 jlepiller 437
msgid "Adding Additional CA Certificates"
7802 jlepiller 438
msgstr "Ajouter des certificats de CA supplémentaires"
7800 jlepiller 439
 
440
#. type: Content of: <sect1><sect2><para>
8093 jlepiller 441
#: blfs-en/postlfs/security/make-ca.xml:208
7800 jlepiller 442
msgid ""
443
"The <filename class=\"directory\">/etc/ssl/local</filename> directory is "
444
"available to add additional CA certificates to the system. For instance, you"
445
" might need to add an organization or government CA certificate.  Files in "
446
"this directory must be in the <application>OpenSSL</application> trusted "
447
"certificate format. To create an <application>OpenSSL</application> trusted "
448
"certificate from a regular PEM encoded file, you need to add trust arguments"
449
" to the <command>openssl</command> command, and create a new certificate. "
450
"For example, using the <ulink url=\"http://www.cacert.org/\">CAcert</ulink> "
451
"roots, if you want to trust both for all three roles, the following commands"
452
" will create appropriate OpenSSL trusted certificates (run as the "
453
"<systemitem class=\"username\">root</systemitem> user after <xref "
454
"linkend=\"wget\"/> is installed):"
455
msgstr ""
7802 jlepiller 456
"Le répertoire <filename class=\"directory\">/etc/ssl/local</filename> est "
457
"disponible pour ajouter des certificats de CA supplémentaires sur le "
458
"système. Par exemple, vous pourriez avoir besoin d'ajouter une CA d'une "
459
"organisation ou d'un gouvernement. Les fichiers de ce répertoire doivent "
460
"être au format de certification de confiance "
461
"d'<application>OpenSSL</application>. Pour créer un certificat de confiance "
462
"<application>OpenSSL</application> depuis un fichier normal encodé en PEM, "
463
"vous devrez ajouter des arguments «&nbsp;trust&nbsp;» à la commande "
464
"<command>openssl</command> et créer un nouveau certificat. Par exemple, si "
465
"vous souhaitez utiliser les racines <ulink "
7800 jlepiller 466
"url=\"http://www.cacert.org/\">CAcert</ulink> pour que les deux soient de "
467
"confiance pour ces trois rôles, les commandes suivantes créeront des "
468
"certificats de confiance OpenSSL approprié (à lancer en tant qu'utilisateur "
469
"<systemitem class=\"username\">root</systemitem> après l'installation de "
470
"<xref linkend=\"wget\"/>)&nbsp;:"
471
 
472
#. type: Content of: <sect1><sect2><screen>
8093 jlepiller 473
#: blfs-en/postlfs/security/make-ca.xml:222
7800 jlepiller 474
#, no-wrap
475
msgid ""
7881 jlepiller 476
"<userinput>wget http://www.cacert.org/certs/root.crt &amp;&amp;\n"
7800 jlepiller 477
"wget http://www.cacert.org/certs/class3.crt &amp;&amp;\n"
478
"openssl x509 -in root.crt -text -fingerprint -setalias \"CAcert Class 1 root\" \\\n"
479
"        -addtrust serverAuth -addtrust emailProtection -addtrust codeSigning \\\n"
480
"        > /etc/ssl/local/CAcert_Class_1_root.pem &amp;&amp;\n"
481
"openssl x509 -in class3.crt -text -fingerprint -setalias \"CAcert Class 3 root\" \\\n"
482
"        -addtrust serverAuth -addtrust emailProtection -addtrust codeSigning \\\n"
7881 jlepiller 483
"        > /etc/ssl/local/CAcert_Class_3_root.pem &amp;&amp;\n"
484
"/usr/sbin/make-ca -r -f</userinput>"
7800 jlepiller 485
msgstr ""
7881 jlepiller 486
"<userinput>wget http://www.cacert.org/certs/root.crt &amp;&amp;\n"
7800 jlepiller 487
"wget http://www.cacert.org/certs/class3.crt &amp;&amp;\n"
488
"openssl x509 -in root.crt -text -fingerprint -setalias \"CAcert Class 1 root\" \\\n"
489
"        -addtrust serverAuth -addtrust emailProtection -addtrust codeSigning \\\n"
490
"        > /etc/ssl/local/CAcert_Class_1_root.pem &amp;&amp;\n"
491
"openssl x509 -in class3.crt -text -fingerprint -setalias \"CAcert Class 3 root\" \\\n"
492
"        -addtrust serverAuth -addtrust emailProtection -addtrust codeSigning \\\n"
7881 jlepiller 493
"        > /etc/ssl/local/CAcert_Class_3_root.pem &amp;&amp;\n"
494
"/usr/sbin/make-ca -r -f</userinput>"
7800 jlepiller 495
 
496
#. type: Content of: <sect1><sect2><bridgehead>
8093 jlepiller 497
#: blfs-en/postlfs/security/make-ca.xml:232
7800 jlepiller 498
msgid "Overriding Mozilla Trust"
7802 jlepiller 499
msgstr "Remplacer la confiance de Mozilla"
7800 jlepiller 500
 
501
#. type: Content of: <sect1><sect2><para>
8093 jlepiller 502
#: blfs-en/postlfs/security/make-ca.xml:234
7800 jlepiller 503
msgid ""
504
"Occasionally, there may be instances where you don't agree with Mozilla's "
505
"inclusion of a particular certificate authority. If you'd like to override "
506
"the default trust of a particular CA, simply create a copy of the existing "
507
"certificate in <filename class=\"directory\">/etc/ssl/local</filename> with "
508
"different trust arguments. For example, if you'd like to distrust the "
509
"\"Makebelieve_CA_Root\" file, run the following commands:"
510
msgstr ""
7802 jlepiller 511
"Parfois, il peut arriver que vous ne soyez pas d'accord avec l'inclusion "
512
"d'une autorité de certification particulière. Si vous voulez remplacer la "
513
"confiance par défaut d'une CA particulière, créez simplement une copie du "
514
"certificat existant dans <filename "
515
"class=\"directory\">/etc/ssl/local</filename> avec des arguments de "
516
"confiances différents. Par exemple, si vous ne voulez pas faire confiance au"
517
" fichier «&nbsp;Makebelieve_CA_Root&nbsp;», lancez les commandes "
518
"suivantes&nbsp;:"
7800 jlepiller 519
 
520
#. type: Content of: <sect1><sect2><screen>
8093 jlepiller 521
#: blfs-en/postlfs/security/make-ca.xml:242
7800 jlepiller 522
#, no-wrap
523
msgid ""
7881 jlepiller 524
"<userinput>openssl x509 -in /etc/ssl/certs/Makebelieve_CA_Root.pem \\\n"
7800 jlepiller 525
"             -text \\\n"
7956 jlepiller 526
"             -fingerprint \\\n"
7800 jlepiller 527
"             -setalias \"Disabled Makebelieve CA Root\" \\\n"
528
"             -addreject serverAuth \\\n"
529
"             -addreject emailProtection \\\n"
530
"             -addreject codeSigning \\\n"
531
"       > /etc/ssl/local/Disabled_Makebelieve_CA_Root.pem &amp;&amp;\n"
532
"/usr/sbin/make-ca -r -f</userinput>"
533
msgstr ""
7881 jlepiller 534
"<userinput>openssl x509 -in /etc/ssl/certs/Makebelieve_CA_Root.pem \\\n"
7800 jlepiller 535
"             -text \\\n"
7956 jlepiller 536
"             -fingerprint \\\n"
7800 jlepiller 537
"             -setalias \"Disabled Makebelieve CA Root\" \\\n"
538
"             -addreject serverAuth \\\n"
539
"             -addreject emailProtection \\\n"
540
"             -addreject codeSigning \\\n"
541
"       > /etc/ssl/local/Disabled_Makebelieve_CA_Root.pem &amp;&amp;\n"
542
"/usr/sbin/make-ca -r -f</userinput>"
543
 
7687 jlepiller 544
#. type: Content of: <sect1><sect2><title>
8093 jlepiller 545
#: blfs-en/postlfs/security/make-ca.xml:255
7355 jlepiller 546
msgid "Contents"
547
msgstr "Contenu"
548
 
549
#. type: Content of: <sect1><sect2><segmentedlist><segtitle>
8093 jlepiller 550
#: blfs-en/postlfs/security/make-ca.xml:258
7355 jlepiller 551
msgid "Installed Programs"
552
msgstr "Programmes installés"
553
 
554
#. type: Content of: <sect1><sect2><segmentedlist><segtitle>
8093 jlepiller 555
#: blfs-en/postlfs/security/make-ca.xml:259
7355 jlepiller 556
msgid "Installed Directories"
557
msgstr "Répertoires installés"
558
 
559
#. type: Content of: <sect1><sect2><segmentedlist><seglistitem><seg>
8093 jlepiller 560
#: blfs-en/postlfs/security/make-ca.xml:263
7800 jlepiller 561
msgid "/etc/ssl/{certs,local} and /etc/pki/{nssdb,anchors,tls/{certs,java}}"
7802 jlepiller 562
msgstr "/etc/ssl/{certs,local} et /etc/pki/{nssdb,anchors,tls/{certs,java}}"
7355 jlepiller 563
 
564
#. type: Content of: <sect1><sect2><variablelist><bridgehead>
8093 jlepiller 565
#: blfs-en/postlfs/security/make-ca.xml:269
7355 jlepiller 566
msgid "Short Descriptions"
567
msgstr "Descriptions courtes"
568
 
569
#. type: Content of: <sect1><sect2><variablelist><varlistentry><term>
8093 jlepiller 570
#: blfs-en/postlfs/security/make-ca.xml:274
7355 jlepiller 571
msgid "<command>make-ca</command>"
572
msgstr "<command>make-ca</command>"
573
 
574
#. type: Content of:
575
#. <sect1><sect2><variablelist><varlistentry><listitem><para>
8093 jlepiller 576
#: blfs-en/postlfs/security/make-ca.xml:276
7355 jlepiller 577
msgid ""
578
"is a shell script that adapts a current version of "
579
"<filename>certdata.txt</filename>, and prepares it for use as the system "
7605 jlepiller 580
"trust store."
7355 jlepiller 581
msgstr ""
582
"est un script shell qui adapte une version actuelle de "
7605 jlepiller 583
"<filename>certdata.txt</filename> et le prépare pour l'utiliser comme banque"
584
" de confiance du système."
7355 jlepiller 585
 
8093 jlepiller 586
#~ msgid ""
587
#~ "Previous versions of BLFS used the path <filename>/etc/ssl/ca-"
588
#~ "bundle.crt</filename> for the <xref linkend=\"gnutls\"/> certificate store. "
589
#~ "If software is still installed that references this file, create a "
590
#~ "compatibility symlink for the old location as the <systemitem "
591
#~ "class=\"username\">root</systemitem> user:"
592
#~ msgstr ""
593
#~ "Les versions précédentes de BLFS utilisaient le chemin "
594
#~ "<filename>/etc/ssl/ca-bundle.crt</filename> pour le dépôt des certificats de"
595
#~ " <xref linkend=\"gnutls\"/>. Si des logiciels référençant ce fichier sont "
596
#~ "toujours installés, créez un lien symbolique de compatibilité pour l'ancien "
597
#~ "emplacement en tant qu'utilisateur <systemitem "
598
#~ "class=\"username\">root</systemitem>&nbsp;:"
599
 
600
#~ msgid ""
601
#~ "<userinput>ln -sfv /etc/pki/tls/certs/ca-bundle.crt /etc/ssl/ca-"
602
#~ "bundle.crt</userinput>"
603
#~ msgstr ""
604
#~ "<userinput>ln -sfv /etc/pki/tls/certs/ca-bundle.crt /etc/ssl/ca-"
605
#~ "bundle.crt</userinput>"
606
 
8083 jlepiller 607
#~ msgid "28 KB"
608
#~ msgstr "28 Ko"
609
 
610
#~ msgid "995896ca8b4ee1f92a4a8fa46585d59d"
611
#~ msgstr "995896ca8b4ee1f92a4a8fa46585d59d"
612
 
7881 jlepiller 613
#~ msgid "5b68cf77b02d5681f8419b8acfd139c0"
614
#~ msgstr "5b68cf77b02d5681f8419b8acfd139c0"
615
 
7724 jlepiller 616
#~ msgid "417a8ebfb3d6ac4821c1e508a0a3981f"
617
#~ msgstr "417a8ebfb3d6ac4821c1e508a0a3981f"
618
 
7723 jlepiller 619
#~ msgid "b038d38233f970aad60c29dfc0502021"
620
#~ msgstr "b038d38233f970aad60c29dfc0502021"
621
 
7687 jlepiller 622
#~ msgid "36 KB"
623
#~ msgstr "36 Ko"
7660 jlepiller 624
 
7687 jlepiller 625
#~ msgid "0eeaf712eedeae4fa55d8bfa37f4ca32"
626
#~ msgstr "0eeaf712eedeae4fa55d8bfa37f4ca32"
627
 
628
#~ msgid ""
629
#~ "Mozilla Release (the version provided by BLFS): <ulink "
630
#~ "url=\"&certhost;releases/mozilla-release/raw-"
631
#~ "file/default/security/nss&certpath;\"/>"
632
#~ msgstr ""
633
#~ "Mozilla Release (la version fournie par BLFS)&nbsp;: <ulink "
634
#~ "url=\"&certhost;releases/mozilla-release/raw-"
635
#~ "file/default/security/nss&certpath;\"/>"
636
 
637
#~ msgid ""
638
#~ "NSS (this is the latest available version): <ulink "
639
#~ "url=\"&certhost;projects/nss/raw-file/tip&certpath;\"/>"
640
#~ msgstr ""
641
#~ "NSS (c'est la dernière version disponible)&nbsp;: <ulink "
642
#~ "url=\"&certhost;projects/nss/raw-file/tip&certpath;\"/>"
643
 
644
#~ msgid ""
645
#~ "Mozilla Central: <ulink url=\"&certhost;mozilla-central/raw-"
646
#~ "file/default/security/nss&certpath;\"/>"
647
#~ msgstr ""
648
#~ "Mozilla Central&nbsp;: <ulink url=\"&certhost;mozilla-central/raw-"
649
#~ "file/default/security/nss&certpath;\"/>"
650
 
651
#~ msgid ""
652
#~ "Mozilla Beta: <ulink url=\"&certhost;releases/mozilla-beta/raw-"
653
#~ "file/default/security/nss&certpath;\"/>"
654
#~ msgstr ""
655
#~ "Mozilla Beta&nbsp;: <ulink url=\"&certhost;releases/mozilla-beta/raw-"
656
#~ "file/default/security/nss&certpath;\"/>"
657
 
658
#~ msgid ""
659
#~ "Mozilla Aurora: <ulink url=\"&certhost;releases/mozilla-aurora/raw-"
660
#~ "file/default/security/nss&certpath;\"/>"
661
#~ msgstr ""
662
#~ "Mozilla Aurora&nbsp;: <ulink url=\"&certhost;releases/mozilla-aurora/raw-"
663
#~ "file/default/security/nss&certpath;\"/>"
664
 
665
#~ msgid "Installed Libraries"
666
#~ msgstr "Bibliothèques installées"
667
 
668
#~ msgid "None"
669
#~ msgstr "Aucune"
670
 
7630 jlepiller 671
#~ msgid "Recommended"
672
#~ msgstr "Recommandées"
673
 
7605 jlepiller 674
#~ msgid "1f0176c4fa89274971b2826a97f303f7"
675
#~ msgstr "1f0176c4fa89274971b2826a97f303f7"
676
 
7465 jlepiller 677
#~ msgid "4f180b9bf3b11f29d6a79e6022aeae23"
678
#~ msgstr "4f180b9bf3b11f29d6a79e6022aeae23"
7409 jlepiller 679
 
7465 jlepiller 680
#~ msgid ""
681
#~ "<userinput>sed -e 's%= /etc/ssl;%= \"/etc/ssl\";%' \\\n"
682
#~ "    -e 's%= /usr;%= \"/usr\";%'         \\\n"
683
#~ "    -i /usr/bin/c_rehash              &amp;&amp;\n"
684
#~ "/usr/sbin/make-ca -g</userinput>"
685
#~ msgstr ""
686
#~ "<userinput>sed -e 's%= /etc/ssl;%= \"/etc/ssl\";%' \\\n"
687
#~ "    -e 's%= /usr;%= \"/usr\";%'         \\\n"
688
#~ "    -i /usr/bin/c_rehash              &amp;&amp;\n"
689
#~ "/usr/sbin/make-ca -g</userinput>"
690
 
691
#~ msgid ""
692
#~ "The <command>sed</command> command works around missing quotes in "
693
#~ "<command>c_rehash</command> from openssl-1.1.0h and can be safely rerun (the"
694
#~ " \" inserted the first time will prevent matches on subsequent runs)."
695
#~ msgstr ""
696
#~ "La commande <command>sed</command> contourne le manque de guillemets dans "
697
#~ "<command>c_rehash</command> d'openssl-1.1.0h et peut être relancé sans "
698
#~ "problème (le \" inséré la première fois évitera une correspondance sur les "
699
#~ "lancements suivants)."
700
 
7355 jlepiller 701
#~ msgid "Certificate Authority Certificates"
702
#~ msgstr "Certificats d'autorité de certification"
703
 
704
#~ msgid "Certificate Authority Certificates Dependencies"
705
#~ msgstr "Dépendances de Certificate Authority Certificates"
706
 
707
#~ msgid "Installation of Certificate Authority Certificates"
708
#~ msgstr "Installation de Certificate Authority Certificates"
709
 
710
#~ msgid "851f9e267f343c54db8caa87ec5b3d75"
711
#~ msgstr "851f9e267f343c54db8caa87ec5b3d75"
712
 
713
#~ msgid "<xref linkend=\"openssl\"/>"
714
#~ msgstr "<xref linkend=\"openssl\"/>"
715
 
716
#~ msgid "25033ded9dd0979226b8f3fd2792bd3a"
717
#~ msgstr "25033ded9dd0979226b8f3fd2792bd3a"
718
 
719
#~ msgid "&sources-anduin-http;/other/certdata.txt"
720
#~ msgstr "&sources-anduin-http;/other/certdata.txt"
721
 
722
#~ msgid "1.6 MB"
723
#~ msgstr "1.6 Mo"
724
 
725
#~ msgid "24 KB"
726
#~ msgstr "24 Ko"
727
 
728
#~ msgid "a21a04d6ff5c4645c748220dbaa9f221"
729
#~ msgstr "a21a04d6ff5c4645c748220dbaa9f221"
730
 
731
#~ msgid "Additional Downloads"
732
#~ msgstr "Téléchargements supplémentaires"
733
 
734
#~ msgid "CA Certificates <ulink url=\"&ca-bundle-download;\"/>"
735
#~ msgstr "Certificats de CA <ulink url=\"&ca-bundle-download;\"/>"
736
 
737
#~ msgid ""
738
#~ "<userinput>install -vm755 make-ca.sh-&make-ca-version; /usr/sbin/make-"
739
#~ "ca.sh</userinput>"
740
#~ msgstr ""
741
#~ "<userinput>install -vm755 make-ca.sh-&make-ca-version; /usr/sbin/make-"
742
#~ "ca.sh</userinput>"
743
 
744
#~ msgid ""
745
#~ "You should periodically download a copy of <filename>certdata.txt</filename>"
746
#~ " and run the <application>make-ca.sh</application> script (as the "
747
#~ "<systemitem class=\"username\">root</systemitem> user), or as part of a "
748
#~ "monthly <application>cron</application> job to ensure that you have the "
749
#~ "latest available version of the certificates."
750
#~ msgstr ""
751
#~ "Vous devriez télécharger régulièrement une copie de "
752
#~ "<filename>certdata.txt</filename> et lancer le script <application>make-"
753
#~ "ca.sh</application> (en tant qu'utilisateur <systemitem "
754
#~ "class=\"username\">root</systemitem>), ou en tant que tâche "
755
#~ "<application>cron</application> mensuelle pour vous assurer d'avoir la "
756
#~ "dernière version disponible des certificats."
757
 
758
#~ msgid "make-ca.sh"
759
#~ msgstr "make-ca.sh"
760
 
761
#~ msgid "b42fd97c173ef67a37fb05ed7587e0a8"
762
#~ msgstr "b42fd97c173ef67a37fb05ed7587e0a8"
763
 
764
#~ msgid "11 KB"
765
#~ msgstr "11 Ko"
766
 
767
#~ msgid "cce9fa4713c4611d9e61f99de612a1e9"
768
#~ msgstr "cce9fa4713c4611d9e61f99de612a1e9"
769
 
770
#~ msgid "5e41c17a3dd6b8195c55092e87e92ef0"
771
#~ msgstr "5e41c17a3dd6b8195c55092e87e92ef0"
772
 
773
#~ msgid "fca9ae62242800a9dcaee5d400ee5c41"
774
#~ msgstr "fca9ae62242800a9dcaee5d400ee5c41"
775
 
776
#~ msgid "9e416981cd153d8923e06dc8e39ac534"
777
#~ msgstr "9e416981cd153d8923e06dc8e39ac534"
778
 
779
#~ msgid "65c6cbbb11e6d124b047f4aa0dcb2808"
780
#~ msgstr "65c6cbbb11e6d124b047f4aa0dcb2808"
781
 
782
#~ msgid "fbc5687ce7fd5533edbb4e616a1080de"
783
#~ msgstr "fbc5687ce7fd5533edbb4e616a1080de"
784
 
785
#~ msgid "487ca7ce6f7b81b3e46362138f93310c"
786
#~ msgstr "487ca7ce6f7b81b3e46362138f93310c"
787
 
788
#~ msgid "1.4 MB"
789
#~ msgstr "1.4 Mo"
790
 
791
#~ msgid "0.1 SBU"
792
#~ msgstr "0.1 SBU"
793
 
794
#~ msgid ""
795
#~ "The Public Key Infrastructure is used for many security features in a Linux "
796
#~ "system.  In order for a certificate to be trusted, it must be signed by a "
797
#~ "trusted agent called a Certificate Authority (CA). The certificates "
798
#~ "installed in this section are obtained from the Mozilla version control "
799
#~ "system, and reformatted for use by <xref linkend='openssl'/> and <xref "
800
#~ "linkend='gnutls'/>. The certificates can also be used by other applications,"
801
#~ " either directly or indirectly by linking to one of these packages."
802
#~ msgstr ""
803
#~ "La <foreignphrase>Public Key Infrastructure</foreignphrase> (infrastructure "
804
#~ "de clés publiques) est utilisée dans de nombreux cas de sécurité sur un "
805
#~ "système Linux. Pour qu'un certificat soit fiable, il doit être signé par un "
806
#~ "agent de confiance, qu'on appelle l'autorité de certification "
807
#~ "(<foreignphrase>Certificate Authority</foreignphrase>) (CA).  Les "
808
#~ "certificats chargés dans cette section sont issus de la liste du système de "
809
#~ "contrôle de Mozilla et elle est formatée dans une forme utilisée par <xref "
810
#~ "linkend=\"openssl\"/> et <xref linkend='gnutls'/>.  Les certificats peuvent "
811
#~ "également être utilisés par d'autres applications, directement ou "
812
#~ "indirectement via <application>openssl</application>."
813
 
814
#~ msgid ""
815
#~ "The <application>make-ca.sh</application> script will download a set of "
816
#~ "certificates from one of five projects (aurora, beta, central, nss, or "
817
#~ "release) in the Mozialla version control system. It defaults to the release "
818
#~ "branch, which is identical to the version that ships with the Mozilla "
819
#~ "products in this book. If you'd like to change the branch that is retrieved,"
820
#~ " edit the file and set <envar>CERTSOURCE</envar> to one of the five values "
821
#~ "above."
822
#~ msgstr ""
823
#~ "Le script <application>make-ca.sh</application> téléchargement un ensemble "
824
#~ "de certificats depuis l'un des cinq projets (aurora, beta, central, nss ou "
825
#~ "release) du système de contrôle de version de Mozilla. Il est réglé par "
826
#~ "défaut sur la branche release, qui est identique à la version qui vient avec"
827
#~ " les produits Mozilla de ce livre. Si vous préférez changer la branche qui "
828
#~ "est récupérée, modifiez le fichier et mettez <envar>CERTSOURCE</envar> à "
829
#~ "l'une des cinq valeurs ci-dessus."
830
 
831
#~ msgid ""
832
#~ "Additionally, any local certificates stored in "
833
#~ "<filename>/etc/ssl/local</filename> will be copied into both the single-file"
834
#~ " <filename>/etc/ssl/ca-bundle.crt</filename> (used by programs that link to "
835
#~ "<application>gnutls</application>), and into the certificate store directory"
836
#~ " <filename>/etc/ssl/certs</filename> (used by programs that link to "
837
#~ "<application>OpenSSL</application>). All certificates will pass a date and "
838
#~ "trust validation, and any existing certificates in <filename>/etc/ssl/ca-"
839
#~ "bundle.crt</filename> or <filename>/etc/ssl/certs</filename> will be removed"
840
#~ " upon successful completion of this script."
841
#~ msgstr ""
842
#~ "De plus, tout certificat local stocké dans "
843
#~ "<filename>/etc/ssl/local</filename> sera copié dans le fichier "
844
#~ "<filename>/etc/ssl/ca-bundle.crt</filename> (utilisé par les programmes qui "
845
#~ "se lient à <application>gnutls</application>) et dans le répertoire du "
846
#~ "magasin de certificats <filename>/etc/ssl/certs</filename> (utilisé par les "
847
#~ "programmes qui se lient à <application>OpenSSL</application>). Tous les "
848
#~ "certificats passeront un test de validation de leur date et de leur "
849
#~ "confiance, et tout certificat existant dans <filename>/etc/ssl/ca-"
850
#~ "bundle.crt</filename> ou <filename>/etc/ssl-certs</filename> sera supprimé à"
851
#~ " la fin de ce script si tout va bien."
852
 
853
#~ msgid ""
854
#~ "Finally, if you've installed <xref linkend=\"java\"/> or <xref "
855
#~ "linkend=\"openjdk\"/>, then it will also update the java cacerts file at "
856
#~ "<filename>/etc/ssl/java/cacerts</filename>."
857
#~ msgstr ""
858
#~ "Enfin, si vous avez installé <xref linkend=\"java\"/> ou <xref "
859
#~ "linkend=\"openjdk\"/>, il mettra aussi à jour le fichier cacerts de java "
860
#~ "dans <filename>/etc/ssl/java/cacerts</filename>."
861
 
862
#~ msgid ""
863
#~ "<userinput>install -vdm755 /etc/ssl/{certs,java,local} &amp;&amp;\n"
864
#~ "/usr/sbin/make-ca.sh\n"
865
#~ "</userinput>"
866
#~ msgstr ""
867
#~ "<userinput>install -vdm755 /etc/ssl/{certs,java,local} &amp;&amp;\n"
868
#~ "/usr/sbin/make-ca.sh\n"
869
#~ "</userinput>"
870
 
871
#~ msgid "/mozilla/source/security/nss/lib/ckfw/builtins"
872
#~ msgstr "/mozilla/source/security/nss/lib/ckfw/builtins"
873
 
874
#~ msgid "6 MB"
875
#~ msgstr "6 Mo"
876
 
877
#~ msgid ""
878
#~ "The certfile.txt file above is actually retrieved from <ulink "
879
#~ "url=\"https://hg.mozilla.org/releases/mozilla-"
880
#~ "release/file/default/security/nss/lib/ckfw/builtins/certdata.txt\"/>.  It is"
881
#~ " really an HTML file, but the text file can be retrieved indirectly from the"
882
#~ " HTML file.  The Download URL above automates that process and also adds a "
883
#~ "line where the date can be extracted as a revision number by the scripts "
884
#~ "below."
885
#~ msgstr ""
886
#~ "Le fichier certfile.txt dessous est en fait récupéré depuis <ulink "
887
#~ "url=\"https://hg.mozilla.org/releases/mozilla-"
888
#~ "release/file/default/security/nss/lib/ckfw/builtins/certdata.txt\"/>.  C'est"
889
#~ " en fait un fichier HTML, mais le fichier texte peut être pris indirectement"
890
#~ " depuis le fichier HTML. L'URL dessous automatise ce processus et ajoute "
891
#~ "aussi une ligne où la date peut être extraite en tant que numéro de révision"
892
#~ " par le script."
893
 
894
#~ msgid ""
895
#~ "<userinput>cat > /usr/bin/make-cert.pl &lt;&lt; \"EOF\"\n"
896
#~ "<literal>#!/usr/bin/perl -w\n"
897
#~ "\n"
898
#~ "# Used to generate PEM encoded files from Mozilla certdata.txt.\n"
899
#~ "# Run as ./make-cert.pl > certificate.crt\n"
900
#~ "#\n"
901
#~ "# Parts of this script courtesy of RedHat (mkcabundle.pl)\n"
902
#~ "#\n"
903
#~ "# This script modified for use with single file data (tempfile.cer) extracted\n"
904
#~ "# from certdata.txt, taken from the latest version in the Mozilla NSS source.\n"
905
#~ "# mozilla/security/nss/lib/ckfw/builtins/certdata.txt\n"
906
#~ "#\n"
907
#~ "# Authors: DJ Lucas\n"
908
#~ "#          Bruce Dubbs\n"
909
#~ "#\n"
910
#~ "# Version 20120211\n"
911
#~ "\n"
912
#~ "my $certdata = './tempfile.cer';\n"
913
#~ "\n"
914
#~ "open( IN, \"cat $certdata|\" )\n"
915
#~ "    || die \"could not open $certdata\";\n"
916
#~ "\n"
917
#~ "my $incert = 0;\n"
918
#~ "\n"
919
#~ "while ( &lt;IN&gt; )\n"
920
#~ "{\n"
921
#~ "    if ( /^CKA_VALUE MULTILINE_OCTAL/ )\n"
922
#~ "    {\n"
923
#~ "        $incert = 1;\n"
924
#~ "        open( OUT, \"|openssl x509 -text -inform DER -fingerprint\" )\n"
925
#~ "            || die \"could not pipe to openssl x509\";\n"
926
#~ "    }\n"
927
#~ "\n"
928
#~ "    elsif ( /^END/ &amp;&amp; $incert )\n"
929
#~ "    {\n"
930
#~ "        close( OUT );\n"
931
#~ "        $incert = 0;\n"
932
#~ "        print \"\\n\\n\";\n"
933
#~ "    }\n"
934
#~ "\n"
935
#~ "    elsif ($incert)\n"
936
#~ "    {\n"
937
#~ "        my @bs = split( /\\\\/ );\n"
938
#~ "        foreach my $b (@bs)\n"
939
#~ "        {\n"
940
#~ "            chomp $b;\n"
941
#~ "            printf( OUT \"%c\", oct($b) ) unless $b eq '';\n"
942
#~ "        }\n"
943
#~ "    }\n"
944
#~ "}</literal>\n"
945
#~ "EOF\n"
946
#~ "\n"
947
#~ "chmod +x /usr/bin/make-cert.pl</userinput>"
948
#~ msgstr ""
949
#~ "<userinput>cat > /usr/bin/make-cert.pl &lt;&lt; \"EOF\"\n"
950
#~ "<literal>#!/usr/bin/perl -w\n"
951
#~ "\n"
952
#~ "# Used to generate PEM encoded files from Mozilla certdata.txt.\n"
953
#~ "# Run as ./make-cert.pl > certificate.crt\n"
954
#~ "#\n"
955
#~ "# Parts of this script courtesy of RedHat (mkcabundle.pl)\n"
956
#~ "#\n"
957
#~ "# This script modified for use with single file data (tempfile.cer) extracted\n"
958
#~ "# from certdata.txt, taken from the latest version in the Mozilla NSS source.\n"
959
#~ "# mozilla/security/nss/lib/ckfw/builtins/certdata.txt\n"
960
#~ "#\n"
961
#~ "# Authors: DJ Lucas\n"
962
#~ "#          Bruce Dubbs\n"
963
#~ "#\n"
964
#~ "# Version 20120211\n"
965
#~ "\n"
966
#~ "my $certdata = './tempfile.cer';\n"
967
#~ "\n"
968
#~ "open( IN, \"cat $certdata|\" )\n"
969
#~ "    || die \"could not open $certdata\";\n"
970
#~ "\n"
971
#~ "my $incert = 0;\n"
972
#~ "\n"
973
#~ "while ( &lt;IN&gt; )\n"
974
#~ "{\n"
975
#~ "    if ( /^CKA_VALUE MULTILINE_OCTAL/ )\n"
976
#~ "    {\n"
977
#~ "        $incert = 1;\n"
978
#~ "        open( OUT, \"|openssl x509 -text -inform DER -fingerprint\" )\n"
979
#~ "            || die \"could not pipe to openssl x509\";\n"
980
#~ "    }\n"
981
#~ "\n"
982
#~ "    elsif ( /^END/ &amp;&amp; $incert )\n"
983
#~ "    {\n"
984
#~ "        close( OUT );\n"
985
#~ "        $incert = 0;\n"
986
#~ "        print \"\\n\\n\";\n"
987
#~ "    }\n"
988
#~ "\n"
989
#~ "    elsif ($incert)\n"
990
#~ "    {\n"
991
#~ "        my @bs = split( /\\\\/ );\n"
992
#~ "        foreach my $b (@bs)\n"
993
#~ "        {\n"
994
#~ "            chomp $b;\n"
995
#~ "            printf( OUT \"%c\", oct($b) ) unless $b eq '';\n"
996
#~ "        }\n"
997
#~ "    }\n"
998
#~ "}</literal>\n"
999
#~ "EOF\n"
1000
#~ "\n"
1001
#~ "chmod +x /usr/bin/make-cert.pl</userinput>"
1002
 
1003
#~ msgid ""
1004
#~ "The following script creates the certificates and a bundle of all the "
1005
#~ "certificates.  It creates a <filename class='directory'>./certs</filename> "
1006
#~ "directory and <filename>./BLFS-ca-bundle-${VERSION}.crt</filename>.  Again "
1007
#~ "create this script as the <systemitem class=\"username\">root</systemitem> "
1008
#~ "user:"
1009
#~ msgstr ""
1010
#~ "Le script suivant crée les certificats et un bouquet de tous les "
1011
#~ "certificats. Il crée un répertoire <filename "
1012
#~ "class='directory'>./certs</filename> et <filename>./BLFS-ca-"
1013
#~ "bundle-${VERSION}.crt</filename>.  Créez de nouveau ce script en tant "
1014
#~ "qu'utilisateur <systemitem class=\"username\">root</systemitem>&nbsp;:"
1015
 
1016
#~ msgid ""
1017
#~ "<userinput>cat > /usr/bin/make-ca.sh &lt;&lt; \"EOF\"\n"
1018
#~ "<literal>#!/bin/sh\n"
1019
#~ "# Begin make-ca.sh\n"
1020
#~ "# Script to populate OpenSSL's CApath from a bundle of PEM formatted CAs\n"
1021
#~ "#\n"
1022
#~ "# The file certdata.txt must exist in the local directory\n"
1023
#~ "# Version number is obtained from the version of the data.\n"
1024
#~ "#\n"
1025
#~ "# Authors: DJ Lucas\n"
1026
#~ "#          Bruce Dubbs\n"
1027
#~ "#\n"
1028
#~ "# Version 20120211\n"
1029
#~ "\n"
1030
#~ "# Some data in the certs have UTF-8 characters\n"
1031
#~ "export LANG=en_US.utf8\n"
1032
#~ "\n"
1033
#~ "certdata=\"certdata.txt\"\n"
1034
#~ "\n"
1035
#~ "if [ ! -r $certdata ]; then\n"
1036
#~ "  echo \"$certdata must be in the local directory\"\n"
1037
#~ "  exit 1\n"
1038
#~ "fi\n"
1039
#~ "\n"
1040
#~ "REVISION=$(grep CVS_ID $certdata | cut -f4 -d'$')\n"
1041
#~ "\n"
1042
#~ "if [ -z \"${REVISION}\" ]; then\n"
1043
#~ "  echo \"$certfile has no 'Revision' in CVS_ID\"\n"
1044
#~ "  exit 1\n"
1045
#~ "fi\n"
1046
#~ "\n"
1047
#~ "VERSION=$(echo $REVISION | cut -f2 -d\" \")\n"
1048
#~ "\n"
1049
#~ "TEMPDIR=$(mktemp -d)\n"
1050
#~ "TRUSTATTRIBUTES=\"CKA_TRUST_SERVER_AUTH\"\n"
1051
#~ "BUNDLE=\"BLFS-ca-bundle-${VERSION}.crt\"\n"
1052
#~ "CONVERTSCRIPT=\"/usr/bin/make-cert.pl\"\n"
1053
#~ "SSLDIR=\"/etc/ssl\"\n"
1054
#~ "\n"
1055
#~ "mkdir \"${TEMPDIR}/certs\"\n"
1056
#~ "\n"
1057
#~ "# Get a list of starting lines for each cert\n"
1058
#~ "CERTBEGINLIST=$(grep -n \"^# Certificate\" \"${certdata}\" | cut -d \":\" -f1)\n"
1059
#~ "\n"
1060
#~ "# Get a list of ending lines for each cert\n"
1061
#~ "CERTENDLIST=`grep -n \"^CKA_TRUST_STEP_UP_APPROVED\" \"${certdata}\" | cut -d \":\" -f 1`\n"
1062
#~ "\n"
1063
#~ "# Start a loop\n"
1064
#~ "for certbegin in ${CERTBEGINLIST}; do\n"
1065
#~ "  for certend in ${CERTENDLIST}; do\n"
1066
#~ "    if test \"${certend}\" -gt \"${certbegin}\"; then\n"
1067
#~ "      break\n"
1068
#~ "    fi\n"
1069
#~ "  done\n"
1070
#~ "\n"
1071
#~ "  # Dump to a temp file with the name of the file as the beginning line number\n"
1072
#~ "  sed -n \"${certbegin},${certend}p\" \"${certdata}\" > \"${TEMPDIR}/certs/${certbegin}.tmp\"\n"
1073
#~ "done\n"
1074
#~ "\n"
1075
#~ "unset CERTBEGINLIST CERTDATA CERTENDLIST certbegin certend\n"
1076
#~ "\n"
1077
#~ "mkdir -p certs\n"
1078
#~ "rm -f certs/*      # Make sure the directory is clean\n"
1079
#~ "\n"
1080
#~ "for tempfile in ${TEMPDIR}/certs/*.tmp; do\n"
1081
#~ "  # Make sure that the cert is trusted...\n"
1082
#~ "  grep \"CKA_TRUST_SERVER_AUTH\" \"${tempfile}\" | \\\n"
1083
#~ "    egrep \"TRUST_UNKNOWN|NOT_TRUSTED\" > /dev/null\n"
1084
#~ "\n"
1085
#~ "  if test \"${?}\" = \"0\"; then\n"
1086
#~ "    # Throw a meaningful error and remove the file\n"
1087
#~ "    cp \"${tempfile}\" tempfile.cer\n"
1088
#~ "    perl ${CONVERTSCRIPT} > tempfile.crt\n"
1089
#~ "    keyhash=$(openssl x509 -noout -in tempfile.crt -hash)\n"
1090
#~ "    echo \"Certificate ${keyhash} is not trusted!  Removing...\"\n"
1091
#~ "    rm -f tempfile.cer tempfile.crt \"${tempfile}\"\n"
1092
#~ "    continue\n"
1093
#~ "  fi\n"
1094
#~ "\n"
1095
#~ "  # If execution made it to here in the loop, the temp cert is trusted\n"
1096
#~ "  # Find the cert data and generate a cert file for it\n"
1097
#~ "\n"
1098
#~ "  cp \"${tempfile}\" tempfile.cer\n"
1099
#~ "  perl ${CONVERTSCRIPT} > tempfile.crt\n"
1100
#~ "  keyhash=$(openssl x509 -noout -in tempfile.crt -hash)\n"
1101
#~ "  mv tempfile.crt \"certs/${keyhash}.pem\"\n"
1102
#~ "  rm -f tempfile.cer \"${tempfile}\"\n"
1103
#~ "  echo \"Created ${keyhash}.pem\"\n"
1104
#~ "done\n"
1105
#~ "\n"
1106
#~ "# Remove blacklisted files\n"
1107
#~ "# MD5 Collision Proof of Concept CA\n"
1108
#~ "if test -f certs/8f111d69.pem; then\n"
1109
#~ "  echo \"Certificate 8f111d69 is not trusted!  Removing...\"\n"
1110
#~ "  rm -f certs/8f111d69.pem\n"
1111
#~ "fi\n"
1112
#~ "\n"
1113
#~ "# Finally, generate the bundle and clean up.\n"
1114
#~ "cat certs/*.pem >  ${BUNDLE}\n"
1115
#~ "rm -r \"${TEMPDIR}\"</literal>\n"
1116
#~ "EOF\n"
1117
#~ "\n"
1118
#~ "chmod +x /usr/bin/make-ca.sh</userinput>"
1119
#~ msgstr ""
1120
#~ "<userinput>cat > /usr/bin/make-ca.sh &lt;&lt; \"EOF\"\n"
1121
#~ "<literal>#!/bin/sh\n"
1122
#~ "# Begin make-ca.sh\n"
1123
#~ "# Script to populate OpenSSL's CApath from a bundle of PEM formatted CAs\n"
1124
#~ "#\n"
1125
#~ "# The file certdata.txt must exist in the local directory\n"
1126
#~ "# Version number is obtained from the version of the data.\n"
1127
#~ "#\n"
1128
#~ "# Authors: DJ Lucas\n"
1129
#~ "#          Bruce Dubbs\n"
1130
#~ "#\n"
1131
#~ "# Version 20120211\n"
1132
#~ "\n"
1133
#~ "# Some data in the certs have UTF-8 characters\n"
1134
#~ "export LANG=en_US.utf8\n"
1135
#~ "\n"
1136
#~ "certdata=\"certdata.txt\"\n"
1137
#~ "\n"
1138
#~ "if [ ! -r $certdata ]; then\n"
1139
#~ "  echo \"$certdata must be in the local directory\"\n"
1140
#~ "  exit 1\n"
1141
#~ "fi\n"
1142
#~ "\n"
1143
#~ "REVISION=$(grep CVS_ID $certdata | cut -f4 -d'$')\n"
1144
#~ "\n"
1145
#~ "if [ -z \"${REVISION}\" ]; then\n"
1146
#~ "  echo \"$certfile has no 'Revision' in CVS_ID\"\n"
1147
#~ "  exit 1\n"
1148
#~ "fi\n"
1149
#~ "\n"
1150
#~ "VERSION=$(echo $REVISION | cut -f2 -d\" \")\n"
1151
#~ "\n"
1152
#~ "TEMPDIR=$(mktemp -d)\n"
1153
#~ "TRUSTATTRIBUTES=\"CKA_TRUST_SERVER_AUTH\"\n"
1154
#~ "BUNDLE=\"BLFS-ca-bundle-${VERSION}.crt\"\n"
1155
#~ "CONVERTSCRIPT=\"/usr/bin/make-cert.pl\"\n"
1156
#~ "SSLDIR=\"/etc/ssl\"\n"
1157
#~ "\n"
1158
#~ "mkdir \"${TEMPDIR}/certs\"\n"
1159
#~ "\n"
1160
#~ "# Get a list of starting lines for each cert\n"
1161
#~ "CERTBEGINLIST=$(grep -n \"^# Certificate\" \"${certdata}\" | cut -d \":\" -f1)\n"
1162
#~ "\n"
1163
#~ "# Get a list of ending lines for each cert\n"
1164
#~ "CERTENDLIST=`grep -n \"^CKA_TRUST_STEP_UP_APPROVED\" \"${certdata}\" | cut -d \":\" -f 1`\n"
1165
#~ "\n"
1166
#~ "# Start a loop\n"
1167
#~ "for certbegin in ${CERTBEGINLIST}; do\n"
1168
#~ "  for certend in ${CERTENDLIST}; do\n"
1169
#~ "    if test \"${certend}\" -gt \"${certbegin}\"; then\n"
1170
#~ "      break\n"
1171
#~ "    fi\n"
1172
#~ "  done\n"
1173
#~ "\n"
1174
#~ "  # Dump to a temp file with the name of the file as the beginning line number\n"
1175
#~ "  sed -n \"${certbegin},${certend}p\" \"${certdata}\" > \"${TEMPDIR}/certs/${certbegin}.tmp\"\n"
1176
#~ "done\n"
1177
#~ "\n"
1178
#~ "unset CERTBEGINLIST CERTDATA CERTENDLIST certbegin certend\n"
1179
#~ "\n"
1180
#~ "mkdir -p certs\n"
1181
#~ "rm -f certs/*      # Make sure the directory is clean\n"
1182
#~ "\n"
1183
#~ "for tempfile in ${TEMPDIR}/certs/*.tmp; do\n"
1184
#~ "  # Make sure that the cert is trusted...\n"
1185
#~ "  grep \"CKA_TRUST_SERVER_AUTH\" \"${tempfile}\" | \\\n"
1186
#~ "    egrep \"TRUST_UNKNOWN|NOT_TRUSTED\" > /dev/null\n"
1187
#~ "\n"
1188
#~ "  if test \"${?}\" = \"0\"; then\n"
1189
#~ "    # Throw a meaningful error and remove the file\n"
1190
#~ "    cp \"${tempfile}\" tempfile.cer\n"
1191
#~ "    perl ${CONVERTSCRIPT} > tempfile.crt\n"
1192
#~ "    keyhash=$(openssl x509 -noout -in tempfile.crt -hash)\n"
1193
#~ "    echo \"Certificate ${keyhash} is not trusted!  Removing...\"\n"
1194
#~ "    rm -f tempfile.cer tempfile.crt \"${tempfile}\"\n"
1195
#~ "    continue\n"
1196
#~ "  fi\n"
1197
#~ "\n"
1198
#~ "  # If execution made it to here in the loop, the temp cert is trusted\n"
1199
#~ "  # Find the cert data and generate a cert file for it\n"
1200
#~ "\n"
1201
#~ "  cp \"${tempfile}\" tempfile.cer\n"
1202
#~ "  perl ${CONVERTSCRIPT} > tempfile.crt\n"
1203
#~ "  keyhash=$(openssl x509 -noout -in tempfile.crt -hash)\n"
1204
#~ "  mv tempfile.crt \"certs/${keyhash}.pem\"\n"
1205
#~ "  rm -f tempfile.cer \"${tempfile}\"\n"
1206
#~ "  echo \"Created ${keyhash}.pem\"\n"
1207
#~ "done\n"
1208
#~ "\n"
1209
#~ "# Remove blacklisted files\n"
1210
#~ "# MD5 Collision Proof of Concept CA\n"
1211
#~ "if test -f certs/8f111d69.pem; then\n"
1212
#~ "  echo \"Certificate 8f111d69 is not trusted!  Removing...\"\n"
1213
#~ "  rm -f certs/8f111d69.pem\n"
1214
#~ "fi\n"
1215
#~ "\n"
1216
#~ "# Finally, generate the bundle and clean up.\n"
1217
#~ "cat certs/*.pem >  ${BUNDLE}\n"
1218
#~ "rm -r \"${TEMPDIR}\"</literal>\n"
1219
#~ "EOF\n"
1220
#~ "\n"
1221
#~ "chmod +x /usr/bin/make-ca.sh</userinput>"
1222
 
1223
#~ msgid ""
1224
#~ "Add a short script to remove expired certificates from a directory.  Again "
1225
#~ "create this script as the <systemitem class=\"username\">root</systemitem> "
1226
#~ "user:"
1227
#~ msgstr ""
1228
#~ "Ajoutez un script bref pour supprimer les certificats expirés d'un "
1229
#~ "répertoire. Créez de nouveau ce script en tant qu'utilisateur <systemitem "
1230
#~ "class=\"username\">root</systemitem>&nbsp;:"
1231
 
1232
#~ msgid ""
1233
#~ "<userinput>cat > /usr/sbin/remove-expired-certs.sh &lt;&lt; \"EOF\"\n"
1234
#~ "<literal>#!/bin/sh\n"
1235
#~ "# Begin /usr/sbin/remove-expired-certs.sh\n"
1236
#~ "#\n"
1237
#~ "# Version 20120211\n"
1238
#~ "\n"
1239
#~ "# Make sure the date is parsed correctly on all systems\n"
1240
#~ "mydate()\n"
1241
#~ "{\n"
1242
#~ "  local y=$( echo $1 | cut -d\" \" -f4 )\n"
1243
#~ "  local M=$( echo $1 | cut -d\" \" -f1 )\n"
1244
#~ "  local d=$( echo $1 | cut -d\" \" -f2 )\n"
1245
#~ "  local m\n"
1246
#~ "\n"
1247
#~ "  if [ ${d} -lt 10 ]; then d=\"0${d}\"; fi\n"
1248
#~ "\n"
1249
#~ "  case $M in\n"
1250
#~ "    Jan) m=\"01\";;\n"
1251
#~ "    Feb) m=\"02\";;\n"
1252
#~ "    Mar) m=\"03\";;\n"
1253
#~ "    Apr) m=\"04\";;\n"
1254
#~ "    May) m=\"05\";;\n"
1255
#~ "    Jun) m=\"06\";;\n"
1256
#~ "    Jul) m=\"07\";;\n"
1257
#~ "    Aug) m=\"08\";;\n"
1258
#~ "    Sep) m=\"09\";;\n"
1259
#~ "    Oct) m=\"10\";;\n"
1260
#~ "    Nov) m=\"11\";;\n"
1261
#~ "    Dec) m=\"12\";;\n"
1262
#~ "  esac\n"
1263
#~ "\n"
1264
#~ "  certdate=\"${y}${m}${d}\"\n"
1265
#~ "}\n"
1266
#~ "\n"
1267
#~ "OPENSSL=/usr/bin/openssl\n"
1268
#~ "DIR=/etc/ssl/certs\n"
1269
#~ "\n"
1270
#~ "if [ $# -gt 0 ]; then\n"
1271
#~ "  DIR=\"$1\"\n"
1272
#~ "fi\n"
1273
#~ "\n"
1274
#~ "certs=$( find ${DIR} -type f -name \"*.pem\" -o -name \"*.crt\" )\n"
1275
#~ "today=$( date +%Y%m%d )\n"
1276
#~ "\n"
1277
#~ "for cert in $certs; do\n"
1278
#~ "  notafter=$( $OPENSSL x509 -enddate -in \"${cert}\" -noout )\n"
1279
#~ "  date=$( echo ${notafter} |  sed 's/^notAfter=//' )\n"
1280
#~ "  mydate \"$date\"\n"
1281
#~ "\n"
1282
#~ "  if [ ${certdate} -lt ${today} ]; then\n"
1283
#~ "     echo \"${cert} expired on ${certdate}! Removing...\"\n"
1284
#~ "     rm -f \"${cert}\"\n"
1285
#~ "  fi\n"
1286
#~ "done</literal>\n"
1287
#~ "EOF\n"
1288
#~ "\n"
1289
#~ "chmod u+x /usr/sbin/remove-expired-certs.sh</userinput>"
1290
#~ msgstr ""
1291
#~ "<userinput>cat > /usr/sbin/remove-expired-certs.sh &lt;&lt; \"EOF\"\n"
1292
#~ "<literal>#!/bin/sh\n"
1293
#~ "# Begin /usr/sbin/remove-expired-certs.sh\n"
1294
#~ "#\n"
1295
#~ "# Version 20120211\n"
1296
#~ "\n"
1297
#~ "# Make sure the date is parsed correctly on all systems\n"
1298
#~ "mydate()\n"
1299
#~ "{\n"
1300
#~ "  local y=$( echo $1 | cut -d\" \" -f4 )\n"
1301
#~ "  local M=$( echo $1 | cut -d\" \" -f1 )\n"
1302
#~ "  local d=$( echo $1 | cut -d\" \" -f2 )\n"
1303
#~ "  local m\n"
1304
#~ "\n"
1305
#~ "  if [ ${d} -lt 10 ]; then d=\"0${d}\"; fi\n"
1306
#~ "\n"
1307
#~ "  case $M in\n"
1308
#~ "    Jan) m=\"01\";;\n"
1309
#~ "    Feb) m=\"02\";;\n"
1310
#~ "    Mar) m=\"03\";;\n"
1311
#~ "    Apr) m=\"04\";;\n"
1312
#~ "    May) m=\"05\";;\n"
1313
#~ "    Jun) m=\"06\";;\n"
1314
#~ "    Jul) m=\"07\";;\n"
1315
#~ "    Aug) m=\"08\";;\n"
1316
#~ "    Sep) m=\"09\";;\n"
1317
#~ "    Oct) m=\"10\";;\n"
1318
#~ "    Nov) m=\"11\";;\n"
1319
#~ "    Dec) m=\"12\";;\n"
1320
#~ "  esac\n"
1321
#~ "\n"
1322
#~ "  certdate=\"${y}${m}${d}\"\n"
1323
#~ "}\n"
1324
#~ "\n"
1325
#~ "OPENSSL=/usr/bin/openssl\n"
1326
#~ "DIR=/etc/ssl/certs\n"
1327
#~ "\n"
1328
#~ "if [ $# -gt 0 ]; then\n"
1329
#~ "  DIR=\"$1\"\n"
1330
#~ "fi\n"
1331
#~ "\n"
1332
#~ "certs=$( find ${DIR} -type f -name \"*.pem\" -o -name \"*.crt\" )\n"
1333
#~ "today=$( date +%Y%m%d )\n"
1334
#~ "\n"
1335
#~ "for cert in $certs; do\n"
1336
#~ "  notafter=$( $OPENSSL x509 -enddate -in \"${cert}\" -noout )\n"
1337
#~ "  date=$( echo ${notafter} |  sed 's/^notAfter=//' )\n"
1338
#~ "  mydate \"$date\"\n"
1339
#~ "\n"
1340
#~ "  if [ ${certdate} -lt ${today} ]; then\n"
1341
#~ "     echo \"${cert} expired on ${certdate}! Removing...\"\n"
1342
#~ "     rm -f \"${cert}\"\n"
1343
#~ "  fi\n"
1344
#~ "done</literal>\n"
1345
#~ "EOF\n"
1346
#~ "\n"
1347
#~ "chmod u+x /usr/sbin/remove-expired-certs.sh</userinput>"
1348
 
1349
#~ msgid ""
1350
#~ "The following commands will fetch the certificates and convert them to the "
1351
#~ "correct format.  If desired, a web browser may be used instead of "
1352
#~ "<application>wget</application> but the file will need to be saved with the "
1353
#~ "name <filename>certdata.txt</filename>.  These commands can be repeated as "
1354
#~ "necessary to update the CA Certificates."
1355
#~ msgstr ""
1356
#~ "Les commandes suivantes récupéreront les certificats et les convertiront "
1357
#~ "dans le bon format.  Si vous le désirez, vous pouvez utiliser un navigateur "
1358
#~ "Internet plutôt que <application>wget</application> mais le fichier devra "
1359
#~ "être enregistré sous le nom <filename>certdata.txt</filename>.  Ces "
1360
#~ "commandes peuvent être répétées autant de fois que nécessaire pour mettre à "
1361
#~ "jour les Certificats CA."
1362
 
1363
#~ msgid ""
1364
#~ "<userinput>URL=&sources-anduin-http;/other/certdata.txt &amp;&amp;\n"
1365
#~ "rm -f certdata.txt &amp;&amp;\n"
1366
#~ "wget $URL          &amp;&amp;\n"
1367
#~ "make-ca.sh         &amp;&amp;\n"
1368
#~ "unset URL</userinput>"
1369
#~ msgstr ""
1370
#~ "<userinput>URL=&sources-anduin-http;/other/certdata.txt &amp;&amp;\n"
1371
#~ "rm -f certdata.txt &amp;&amp;\n"
1372
#~ "wget $URL          &amp;&amp;\n"
1373
#~ "make-ca.sh         &amp;&amp;\n"
1374
#~ "unset URL</userinput>"
1375
 
1376
#~ msgid ""
1377
#~ "<userinput>SSLDIR=/etc/ssl                                              &amp;&amp;\n"
1378
#~ "remove-expired-certs.sh certs                                &amp;&amp;\n"
1379
#~ "install -d ${SSLDIR}/certs                                   &amp;&amp;\n"
1380
#~ "cp -v certs/*.pem ${SSLDIR}/certs                            &amp;&amp;\n"
1381
#~ "c_rehash                                                     &amp;&amp;\n"
1382
#~ "install BLFS-ca-bundle*.crt ${SSLDIR}/ca-bundle.crt          &amp;&amp;\n"
1383
#~ "ln -sfv ../ca-bundle.crt ${SSLDIR}/certs/ca-certificates.crt &amp;&amp;\n"
1384
#~ "unset SSLDIR</userinput>"
1385
#~ msgstr ""
1386
#~ "<userinput>SSLDIR=/etc/ssl                                              &amp;&amp;\n"
1387
#~ "remove-expired-certs.sh certs                                &amp;&amp;\n"
1388
#~ "install -d ${SSLDIR}/certs                                   &amp;&amp;\n"
1389
#~ "cp -v certs/*.pem ${SSLDIR}/certs                            &amp;&amp;\n"
1390
#~ "c_rehash                                                     &amp;&amp;\n"
1391
#~ "install BLFS-ca-bundle*.crt ${SSLDIR}/ca-bundle.crt          &amp;&amp;\n"
1392
#~ "ln -sfv ../ca-bundle.crt ${SSLDIR}/certs/ca-certificates.crt &amp;&amp;\n"
1393
#~ "unset SSLDIR</userinput>"
1394
 
1395
#~ msgid "Finally, clean up the current directory:"
1396
#~ msgstr "Enfin, nettoyez le répertoire courant&nbsp;:"
1397
 
1398
#~ msgid "<userinput>rm -r certs BLFS-ca-bundle*</userinput>"
1399
#~ msgstr "<userinput>rm -r certs BLFS-ca-bundle*</userinput>"
1400
 
1401
#~ msgid ""
1402
#~ "After installing or updating certificates, if OpenJDK is installed, update "
1403
#~ "the certificates for Java using the procedures at <xref linkend='ojdk-"
1404
#~ "certs'/>."
1405
#~ msgstr ""
1406
#~ "Après l'installation ou la mise à jour des certificats, si OpenJDK est "
1407
#~ "installé, mettez à jour les certificats pour Java en utilisant la procédure "
1408
#~ "dans <xref linkend=\"ojdk-certs\"/>."
1409
 
1410
#~ msgid "make-ca.sh, make-cert.pl and remove-expired-certs.sh"
1411
#~ msgstr "make-ca.sh, make-cert.pl et remove-expired-certs.sh"
1412
 
1413
#~ msgid "<command>make-cert.pl</command>"
1414
#~ msgstr "<command>make-cert.pl</command>"
1415
 
1416
#~ msgid ""
1417
#~ "is a utility <application>perl</application> script that converts a single "
1418
#~ "binary certificate (.der format) into .pem format."
1419
#~ msgstr ""
1420
#~ "est un script <application>perl</application> qui convertit un certificat "
1421
#~ "binaire unique (format .der) au format .pem."
1422
 
1423
#~ msgid "make-cert"
1424
#~ msgstr "make-cert"
1425
 
1426
#~ msgid "<command>remove-expired-certs.sh</command>"
1427
#~ msgstr "<command>remove-expired-certs.sh</command>"
1428
 
1429
#~ msgid ""
1430
#~ "is a utility shell script that removes expired certificates from a "
1431
#~ "directory.  The default directory is <filename "
1432
#~ "class='directory'>/etc/ssl/certs</filename>."
1433
#~ msgstr ""
1434
#~ "est un script shell qui supprime les certificats expirés d'un répertoire. Le"
1435
#~ " répertoire par défaut est <filename "
1436
#~ "class='directory'>/etc/ssl/certs</filename>."
1437
 
1438
#~ msgid "remove-expired-certs"
1439
#~ msgstr "remove-expired-certs"