1PKI --VERIFY(1)                   strongSwan                   PKI --VERIFY(1)
2
3
4

NAME

6       pki --verify - Verify a certificate using a CA certificate
7

SYNOPSIS

9       pki --verify [--in file] [--cacert file] [--crl file] [--debug level]
10                    [--online]
11
12       pki --verify --options file
13
14       pki --verify -h | --help
15

DESCRIPTION

17       This sub-command of pki(1) verifies a certificate using an optional  CA
18       certificate.
19

OPTIONS

21       -h, --help
22              Print usage information with a summary of the available options.
23
24       -v, --debug level
25              Set debug level, default: 1.
26
27       -+, --options file
28              Read command line options from file.
29
30       -i, --in file
31              X.509 certificate to verify. If not given it is read from STDIN.
32
33       -c, --cacert file
34              CA  certificate to use for trustchain verification. If not given
35              the certificate is assumed to be self-signed. May optionally  be
36              a path to a directory from which CA certificates are loaded. Can
37              be used multiple times.
38
39       -l, --crl file
40              Local CRL to use for trustchain verification. May optionally  be
41              a  path  to  a directory from which CRLs are loaded. Can be used
42              multiple times.  Implies -o.
43
44       -o, --online
45              Enable online CRL/OCSP revocation checking.
46

EXIT STATUS

48       The exit status is 0 if the certificate was verified successfully, 1 if
49       the  certificate is untrusted, 2 if the certificate's lifetimes are in‐
50       valid, and 3 if the certificate was verified successfully but  the  on‐
51       line revocation check indicated that it has been revoked.
52

SEE ALSO

54       pki(1)
55
56
57
585.9.2                             2016-08-19                   PKI --VERIFY(1)
Impressum