dirmngr-client(1)

1DIRMNGR-CLIENT(1)              GNU Privacy Guard             DIRMNGR-CLIENT(1)
2
3
4

NAME

6       dirmngr-client - CRL and OCSP daemon
7

SYNOPSIS

9       dirmngr-client [options] [certfile|pattern]
10
11

DESCRIPTION

13       The  dirmngr-client  is  a simple tool to contact a running dirmngr and
14       test whether a certificate has been revoked --- either by being  listed
15       in  the corresponding CRL or by running the OCSP protocol.  If no dirm‐
16       ngr is running, a new instances will be started but this is in  general
17       not a good idea due to the huge performance overhead.
18
19
20       The usual way to run this tool is either:
21
22         dirmngr-client acert
23
24
25       or
26
27         dirmngr-client <acert
28
29       Where  acert  is  one  DER  encoded  (binary)  X.509 certificates to be
30       tested.
31
32

RETURN VALUE

34       dirmngr-client returns these values:
35
36
37       0      The certificate under question is valid; i.e. there is  a  valid
38              CRL  available  and  it  is not listed tehre or teh OCSP request
39              returned that that certificate is valid.
40
41
42       1      The certificate has been revoked
43
44
45       2 (and other values)
46              There was a problem checking the revocation state  of  the  cer‐
47              tificate.   A message to stderr has given more detailed informa‐
48              tion.  Most likely this is due to a missing or  expired  CRL  or
49              due to a network problem.
50
51
52

OPTIONS

54       dirmngr-client may be called with the following options:
55
56
57
58       --version
59              Print  the program version and licensing information.  Note that
60              you cannot abbreviate this command.
61
62
63       --help, -h
64              Print a usage message summarizing the most  useful  command-line
65              options.  Note that you cannot abbreviate this command.
66
67
68       --quiet, -q
69              Make  the  output  extra  brief by suppressing any informational
70              messages.
71
72
73       -v
74
75       --verbose
76              Outputs additional information while running.  You can  increase
77              the  verbosity  by  giving  several verbose commands to dirmngr,
78              such as
79
80
81       --pem  Assume that the given certificate is in PEM (armored) format.
82
83
84       --ocsp Do the check using the COSP protocol and ignore any CRLs.
85
86
87       --ping Check whether the dirmngr daemon is up and running.
88
89
90       --cache-cert
91              Put the given certificate into the cache of a  running  dirmngr.
92              This is mainly useful for debugging.
93
94
95       --validate
96              Validate  the given certificate using dirmngr's internal valida‐
97              tion code.  This is mainly useful for debugging.
98
99
100       --load-crl
101              This command expects a list of filenames with  DER  encoded  CRL
102              files.   All  CRL  will be vfalidated and then loaded into dirm‐
103              ngr's cache.
104
105
106       --lookup
107              Take the remaining arguments and run a lookup command on each of
108              them.   The  results are Base-64 encoded outputs (without header
109              lines).  This may  be  used  to  retrieve  certificates  from  a
110              server.  However  the  output  format is not very well suited if
111              more than one certificate is returned.
112
113
114       --squid-mode
115              Run dirmngr-client in a mode suitable as a  helper  program  for
116              Squid's external_acl_type option.
117
118
119
120

NAME

SYNOPSIS

DESCRIPTION

RETURN VALUE

OPTIONS

SEE ALSO