1DIRMNGR-CLIENT(1) GNU Privacy Guard DIRMNGR-CLIENT(1)
2
6 dirmngr-client - CRL and OCSP daemon
7
9 dirmngr-client [options] [certfile|pattern]
10
13 The dirmngr-client is a simple tool to contact a running dirmngr and
14 test whether a certificate has been revoked --- either by being listed
15 in the corresponding CRL or by running the OCSP protocol. If no dirm‐
16 ngr is running, a new instances will be started but this is in general
17 not a good idea due to the huge performance overhead.
18 The usual way to run this tool is either:
21 dirmngr-client acert
23 or
26 dirmngr-client <acert
28 Where acert is one DER encoded (binary) X.509 certificates to be
30 tested.
31
34 dirmngr-client returns these values:
35 0 The certificate under question is valid; i.e. there is a valid
38 CRL available and it is not listed tehre or teh OCSP request
39 returned that that certificate is valid.
40 1 The certificate has been revoked
43 2 (and other values)
46 There was a problem checking the revocation state of the cer‐
47 tificate. A message to stderr has given more detailed informa‐
48 tion. Most likely this is due to a missing or expired CRL or
49 due to a network problem.
50
54 dirmngr-client may be called with the following options:
55 --version
59 Print the program version and licensing information. Note that
60 you cannot abbreviate this command.
61 --help, -h
64 Print a usage message summarizing the most useful command-line
65 options. Note that you cannot abbreviate this command.
66 --quiet, -q
69 Make the output extra brief by suppressing any informational
70 messages.
71 -v
74 --verbose
76 Outputs additional information while running. You can increase
77 the verbosity by giving several verbose commands to dirmngr,
78 such as '-vv'.
79 --pem Assume that the given certificate is in PEM (armored) format.
82 --ocsp Do the check using the OCSP protocol and ignore any CRLs.
85 --force-default-responder
88 When checking using the OCSP protocl, force the use of the
89 default OCSP responder. That is not to use the Reponder as
90 given by the certificate.
91 --ping Check whether the dirmngr daemon is up and running.
94 --cache-cert
97 Put the given certificate into the cache of a running dirmngr.
98 This is mainly useful for debugging.
99 --validate
102 Validate the given certificate using dirmngr's internal valida‐
103 tion code. This is mainly useful for debugging.
104 --load-crl
107 This command expects a list of filenames with DER encoded CRL
108 files. All CRL will be validated and then loaded into dirmngr's
109 cache.
110 --lookup
113 Take the remaining arguments and run a lookup command on each of
114 them. The results are Base-64 encoded outputs (without header
115 lines). This may be used to retrieve certificates from a
116 server. However the output format is not very well suited if
117 more than one certificate is returned.
118 --url
121 -u Modify the lookup command to take an URL and not a pattern.
123 --local
126 -l Let the lookup command only search the local cache.
128 --squid-mode
131 Run dirmngr-client in a mode suitable as a helper program for
132 Squid's external_acl_type option.
133
138 dirmngr(1), gpgsm(1)
139 The full documentation for this tool is maintained as a Texinfo manual.
141 If dirmngr and the info program are properly installed at your site,
142 the command
143 info dirmngr
145 should give you access to the complete manual including a menu struc‐
147 ture and an index.
148Dirmngr 1.0.3 2010-11-12 DIRMNGR-CLIENT(1)