Man page - pki---verify(1)

Packages contains this manual

Package:  strongswan-pki
apt-get install strongswan-pki

Manuals in package:
• pki---dn(1)
• pki(1)
• pki---verify(1)
• pki---pkcs7(1)
• pki---req(1)
• pki---self(1)
• pki---acert(1)
• pki---scep(1)
• pki---signcrl(1)
• pki---keyid(1)
• pki---ocsp(1)
• pki---estca(1)
• pki---pub(1)
• pki---issue(1)
• pki---gen(1)
• pki---scepca(1)
• pki---est(1)
• pki---print(1)
Documentations in package:
• strongswan-pki

Manual

PKI --VERIFY

NAME
SYNOPSIS
DESCRIPTION
OPTIONS
EXIT STATUS
SEE ALSO

---

NAME

pki --verify - Verify a certificate using a CA certificate

SYNOPSIS

	pki --verify		[ --in file ] [ --cacert file ] [ --crl file ] [ --debug level ] [ --online ]
	pki --verify		--options file
	pki --verify		-h | --help

DESCRIPTION

This sub-command of pki (1) verifies a certificate using an optional CA certificate.

OPTIONS

-h, --help

Print usage information with a summary of the available options.

-v, --debug level

Set debug level, default: 1.

-+, --options file

Read command line options from file .

-i, --in file

X.509 certificate to verify. If not given it is read from STDIN .

-c, --cacert file

CA certificate to use for trustchain verification. If not given the certificate is assumed to be self-signed. May optionally be a path to a directory from which CA certificates are loaded. Can be used multiple times.

-l, --crl file

Local CRL to use for trustchain verification. May optionally be a path to a directory from which CRLs are loaded. Can be used multiple times. Implies -o .

-o, --online

Enable online CRL/OCSP revocation checking.

EXIT STATUS

The exit status is 0 if the certificate was verified successfully, 1 if the certificate is untrusted, 2 if the certificate’s lifetimes are invalid, and 3 if the certificate was verified successfully but the online revocation check indicated that it has been revoked.

SEE ALSO

pki (1)

---