1PKI --VERIFY(1) strongSwan PKI --VERIFY(1)
2
3
4
6 pki --verify - Verify a certificate using a CA certificate
7
9 pki --verify [--in file] [--cacert file] [--crl file] [--debug level]
10 [--online]
11
12 pki --verify --options file
13
14 pki --verify -h | --help
15
17 This sub-command of pki(1) verifies a certificate using an optional CA
18 certificate.
19
21 -h, --help
22 Print usage information with a summary of the available options.
23
24 -v, --debug level
25 Set debug level, default: 1.
26
27 -+, --options file
28 Read command line options from file.
29
30 -i, --in file
31 X.509 certificate to verify. If not given it is read from STDIN.
32
33 -c, --cacert file
34 CA certificate to use for trustchain verification. If not given
35 the certificate is assumed to be self-signed. May optionally be
36 a path to a directory from which CA certificates are loaded. Can
37 be used multiple times.
38
39 -l, --crl file
40 Local CRL to use for trustchain verification. May optionally be
41 a path to a directory from which CRLs are loaded. Can be used
42 multiple times. Implies -o.
43
44 -o, --online
45 Enable online CRL/OCSP revocation checking.
46
48 The exit status is 0 if the certificate was verified successfully, 1 if
49 the certificate is untrusted, 2 if the certificate's lifetimes are
50 invalid, and 3 if the certificate was verified successfully but the
51 online revocation check indicated that it has been revoked.
52
54 pki(1)
55
56
57
585.8.4 2016-08-19 PKI --VERIFY(1)