cw-trust - Clockwork Trust Database Utility
cw-trust [OPTIONS] --trust cert.pub other-cert.pub
cw-trust [OPTIONS] --revoke bad.pub
Clockwork is a configuration management system designed to securely and correctly enforce configuration policies on lots of hosts.
It can ensure that files have the right attributes (owner, group, permissions, etc.) and content. It can maintain a specific set of installed packages, and even make sure that system user accounts exist.
cw-trust is a utility for managing a database of trusted Clockwork certificates, which is called a trust database, or just trustdb for short. It allows site administrators to trust or revoke certificates.
When clockd is running in security.strict mode, it will consult a trust database to determine if client cogd instances are trusted enough to receive potentially sensitive policy and configuration files.
Specify the path to the trust database to update or create. If the file does not exist, it will be created for you.
Defaults to /etc/clockwork/certs/trusted.
Add certificates given on the command line to the trust database. This is the default mode of cw-trust.
Remove the certificates given on the command line from the trust database, if they are currently trusted.
A trustdb is really just a list of the trusted certificates, each accounted for by public key (in hexadecimal encoding) and the identity of the certificate (for human consumption). The database files are simple text files that can be viewed and edited manually.
Here is an example database file:
fb5cf56fabc8f9e85294f1af3e968bd02d6ebae801a76331124b94a307f57875 host1.example.com 417b7f7946b6c65db58e86c5a66cbc698dbd1b15492e29372f927cf91620947e other-host
Empty lines will be ignored, as will any line starting with the comment character, '#'. Keep in mind, however, that cw-trust will strip out all of the comments and reformat the trustdb.
Clockwork was designed and written by James Hunt.
The Clockwork website is licensed under the Creative Commons Attribution-NoDerivs 3.0 United States License