1CLEAN-CRL(8) System Manager's Manual CLEAN-CRL(8)
2
6 clean-crl - remove orphaned CRL like files from a certificate directory
7
9 clean-crl [-l crlpath] [-v] [-V] [-n] [-h]
10
12 The clean-crl utility will remove CRL like files named hash.rn from the
13 directory specified with the -l option if there is no corresponding .n
14 file in the same. In effect, if the directory is solely used to hold
15 CA certificates in the common OpenSSL format, it will thus remove CRL
16 files for which the corresponding CA does not or no longer exists in
17 the directory.
18
21 -h --help
22 Show help text.
23 -l --cadir metadata-directory
25 The script will search this directory for files with the suffix
26 .ri. There is no default - a common choice is
27 /etc/pki/tls/certs, /etc/openldap/cacerts, or /etc/grid-secu‐
28 rity/certificates.
29 -V --version
32 Display version number (same as corresponding fetch-crl)
33 -v --verbose
36 Verbose mode
37 -n --dryrun
40 Do not actually remove any files (useful primarily with -v)
41
44 None.
45
48 This tool does not check the contents of the files removed, and will
49 blindly unlink any file which even remotely looks like an OpenSSL CRL
50 file. Use with extreme caution.
51
54 fetch-crl(8), openssl(1), http://wiki.nikhef.nl/grid/FetchCRL3
55
58 Exit status is normally 0; if an error occurs, exit status is 1 and
59 diagnostics will be written to standard error.
60
63 Licensed under the Apache License, Version 2.0 (the "License");
64 http://www.apache.org/licenses/LICENSE-2.0
66
69 Does not check the contents of the files removed.
70Trust Anchor Utilities local CLEAN-CRL(8)