Symbian3/PDK/Source/GUID-DD7D5D55-A2F1-54FB-AA38-B4A7C920B6A6-GENID-1-12-1-26-1-1-10-1-6-1-4-1-4-1-7-1.dita
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/Symbian3/PDK/Source/GUID-DD7D5D55-A2F1-54FB-AA38-B4A7C920B6A6-GENID-1-12-1-26-1-1-10-1-6-1-4-1-4-1-7-1.dita Fri Jul 16 17:23:46 2010 +0100
@@ -0,0 +1,89 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!-- Copyright (c) 2007-2010 Nokia Corporation and/or its subsidiary(-ies) All rights reserved. -->
+<!-- This component and the accompanying materials are made available under the terms of the License
+"Eclipse Public License v1.0" which accompanies this distribution,
+and is available at the URL "http://www.eclipse.org/legal/epl-v10.html". -->
+<!-- Initial Contributors:
+ Nokia Corporation - initial contribution.
+Contributors:
+-->
+<!DOCTYPE concept
+ PUBLIC "-//OASIS//DTD DITA Concept//EN" "concept.dtd">
+<concept id="GUID-DD7D5D55-A2F1-54FB-AA38-B4A7C920B6A6-GENID-1-12-1-26-1-1-10-1-6-1-4-1-4-1-7-1" xml:lang="en"><title>Manipulating
+Applicability and Trust Settings for a Certificate</title><prolog><metadata><keywords/></metadata></prolog><conbody>
+<p>A certificate can be trusted for a certain task or application. Currently,
+the following applications are defined: </p>
+<ul>
+<li id="GUID-7AA1F386-C411-5C87-B234-9FEC74ADE9A0"><p>Software installation
+(SWInstall) </p> </li>
+<li id="GUID-7C7932B0-CF2F-5A07-9873-FC24BDAFBA29"><p>Signature verification
+of OCSP response (SWInstallOCSP) </p> </li>
+<li id="GUID-24224A47-76A0-578E-8FCD-7658640B568A"><p>TLS/SSL authentication
+(TLS/SSL) </p> </li>
+</ul>
+<p>The SWInstall application allows us to use a given certificate to verify
+the signature of the signed sis files you want to install. A certificate with
+SWInstallOCSP applicability can be used to verify the signature of OCSP responses. </p>
+<p>Certificate can be used to perform TLS and SSL authentication. Certificates
+are trusted to do that with the TLS/SSL application. </p>
+<p> <codeph>certtool</codeph> offers three commands to manipulate the applications
+of a given certificate: setapps, addapps and removeapps. </p>
+<p>For this to work, <filepath>certclients.dat</filepath> should exist in <filepath>c:\private\101f72a6\</filepath> with
+the required application. </p>
+<p><b>The setapps command </b> </p>
+<p>The setapps command can be used to set the applications a specific certificate
+can be used for. For instance, update the applications of the CertCA certificate.
+Initially it is trusted for SWInstall: </p>
+<p><userinput>certtool –list CertCA</userinput> </p>
+<codeblock id="GUID-A38ABE67-FDCD-547B-A3C7-0949FDC5D950" xml:space="preserve">Symbian CertStore Manipulation Tool
+Copyright (c) 2004-2009 Nokia Corporation and/or its subsidiary(-ies). All rights reserved.
+Label: TCA Format: X509 Owner Type: Root (CA)
+Issuer Name: CertCA Subject Name: CertCA
+Valid From: 16:36:00 Tue 12th May 2009 Valid Until: 16:36:00 Tue 11th May 2010
+Trusted for Applications: SWInstall</codeblock>
+<p>Change the applications using the setapps command. Set the applications
+to SSL/TLS: </p>
+<p><userinput>certtool –setapps –apps SSL/TLS TestCA</userinput> </p>
+<codeblock id="GUID-3B74BA88-9944-599A-AE9C-B8EEF7D57070" xml:space="preserve">Symbian CertStore Manipulation Tool
+Copyright (c) 2004-2009 Nokia Corporation and/or its subsidiary(-ies). All rights reserved.
+Certificate applications set successfully
+Label: TestCA Format: X509 Owner Type: Root (CA)
+Issuer Name: CertCA Subject Name: CertCA
+Valid From: 16:36:00 Tue 12th May 2009 Valid Until: 16:36:00 Tue 11th May 2010
+Trusted for Applications: SSL/TLS</codeblock>
+<p>The TestCA certificate is now trusted for server authentication with SSL
+and TLS. If the specified applications are not recognized, an error will occur: </p>
+<codeblock id="GUID-10F4F705-5B67-58C4-9C0A-964DF78C77A1" xml:space="preserve">Symbian CertStore Manipulation Tool
+Copyright (c) 2004-2009 Nokia Corporation and/or its subsidiary(-ies). All rights reserved.
+No valid applications specified, try one of:
+[SWInstall, SWInstallOCSP, SSL/TLS]</codeblock>
+<p>Remember that applications are case sensitive. </p>
+<p>You can also set the applications using UIDs, for example: </p>
+<p><userinput>certtool –setapps –uids 0x100042AB abc</userinput> </p>
+<p><b>The addapps command </b> </p>
+<p>If you want to add again SWInstall to the applications TestCA is trusted
+for, you can use the setapps command to accomplish our goal. But you would
+need to specify all the applications, for example: </p>
+<p><userinput>certtool –setapps –apps SSL/TLS SWInstall TestCA</userinput> </p>
+<p>The addapps command gives a shortcut. It enables you to specify an application
+which will be added to the existing ones: </p>
+<p><userinput>certtool –addapps –apps SWInstall TestCA</userinput> </p>
+<p>You can also add the applications using UIDs, for example: </p>
+<p><userinput>certtool –addapps -uids 0x101F9B28 abc</userinput> </p>
+<p><b>The removeapps command </b> </p>
+<p>The removeapps command is essentially dual to addapps. It helps to remove
+apps from those a certificate is trusted for. </p>
+<p><userinput>certtool –removeapps –apps SWInstall TestCA</userinput> </p>
+<p>You can also remove the applications using UIDs, for example: </p>
+<p><userinput>certtool -removeapps –apps 0x101F9B28 abc </userinput> </p>
+<p>Remember that applications and labels are case sensitive. </p>
+</conbody><related-links>
+<link href="GUID-F6C20181-0F03-5B8A-B548-C81FF8824503.dita"><linktext>Working with
+Multiple Certificate Store Implementations</linktext></link>
+<link href="GUID-88EC0D74-5595-5FA8-B7BA-B914CC8022FB.dita"><linktext>Listing Contents
+of Certificate Stores</linktext></link>
+<link href="GUID-6CDB86E4-89BB-5266-8CEC-7353B664D638.dita"><linktext>Importing
+Certificates</linktext></link>
+<link href="GUID-DCC2060B-BFEC-5ECF-8154-5AE9C8513F75.dita"><linktext>Removing
+Certificates</linktext></link>
+</related-links></concept>
\ No newline at end of file