1DIRMNGR-CLIENT(1) GNU Privacy Guard DIRMNGR-CLIENT(1)
2
6 dirmngr-client - CRL and OCSP daemon
7
9 dirmngr-client [options] [certfile|pattern]
10
13 The dirmngr-client is a simple tool to contact a running dirmngr and
14 test whether a certificate has been revoked --- either by being listed
15 in the corresponding CRL or by running the OCSP protocol. If no dirm‐
16 ngr is running, a new instances will be started but this is in general
17 not a good idea due to the huge performance overhead.
18 The usual way to run this tool is either:
21 dirmngr-client acert
23 or
26 dirmngr-client <acert
28 Where acert is one DER encoded (binary) X.509 certificates to be
30 tested.
31
34 dirmngr-client returns these values:
35 0 The certificate under question is valid; i.e. there is a valid
38 CRL available and it is not listed tehre or teh OCSP request
39 returned that that certificate is valid.
40 1 The certificate has been revoked
43 2 (and other values)
46 There was a problem checking the revocation state of the cer‐
47 tificate. A message to stderr has given more detailed informa‐
48 tion. Most likely this is due to a missing or expired CRL or
49 due to a network problem.
50
54 dirmngr-client may be called with the following options:
55 --version
59 Print the program version and licensing information. Note that
60 you cannot abbreviate this command.
61 --help, -h
64 Print a usage message summarizing the most useful command-line
65 options. Note that you cannot abbreviate this command.
66 --quiet, -q
69 Make the output extra brief by suppressing any informational
70 messages.
71 -v
74 --verbose
76 Outputs additional information while running. You can increase
77 the verbosity by giving several verbose commands to dirmngr,
78 such as '-vv'.
79 --pem Assume that the given certificate is in PEM (armored) format.
82 --ocsp Do the check using the OCSP protocol and ignore any CRLs.
85 --force-default-responder
88 When checking using the OCSP protocl, force the use of the
89 default OCSP responder. That is not to use the Reponder as
90 given by the certificate.
91 --ping Check whether the dirmngr daemon is up and running.
94 --cache-cert
97 Put the given certificate into the cache of a running dirmngr.
98 This is mainly useful for debugging.
99 --validate
102 Validate the given certificate using dirmngr's internal valida‐
103 tion code. This is mainly useful for debugging.
104 --load-crl
107 This command expects a list of filenames with DER encoded CRL
108 files. With the option --url URLs are expected in place of
109 filenames and they are loaded directly from the given location.
110 All CRLs will be validated and then loaded into dirmngr's cache.
111 --lookup
114 Take the remaining arguments and run a lookup command on each of
115 them. The results are Base-64 encoded outputs (without header
116 lines). This may be used to retrieve certificates from a
117 server. However the output format is not very well suited if
118 more than one certificate is returned.
119 --url
122 -u Modify the lookup and load-crl commands to take an URL.
124 --local
127 -l Let the lookup command only search the local cache.
129 --squid-mode
132 Run dirmngr-client in a mode suitable as a helper program for
133 Squid's external_acl_type option.
134
139 dirmngr(1), gpgsm(1)
140 The full documentation for this tool is maintained as a Texinfo manual.
142 If dirmngr and the info program are properly installed at your site,
143 the command
144 info dirmngr
146 should give you access to the complete manual including a menu struc‐
148 ture and an index.
149Dirmngr 1.1.0 2010-08-10 DIRMNGR-CLIENT(1)