strongswan_pki---verify - Man Page

Verify a certificate using a CA certificate

Synopsis

pki --verify[--in file] [--cacert file] [--crl file] [--debug level] [--online]
pki --verify--options file
pki --verify-h | --help

Description

This sub-command of pki(1) verifies a certificate using an optional CA certificate.

Options

-h,  --help

Print usage information with a summary of the available options.

-v,  --debug level

Set debug level, default: 1.

-+,  --options file

Read command line options from file.

-i,  --in file

X.509 certificate to verify. If not given it is read from STDIN.

-c,  --cacert file

CA certificate to use for trustchain verification. If not given the certificate is assumed to be self-signed. May optionally be a path to a directory from which CA certificates are loaded. Can be used multiple times.

-l,  --crl file

Local CRL to use for trustchain verification. May optionally be a path to a directory from which CRLs are loaded. Can be used multiple times. Implies -o.

-o,  --online

Enable online CRL/OCSP revocation checking.

Exit Status

The exit status is 0 if the certificate was verified successfully, 1 if the certificate is untrusted, 2 if the certificate's lifetimes are invalid, and 3 if the certificate was verified successfully but the online revocation check indicated that it has been revoked.

See Also

pki(1)

Info

2016-08-19 5.9.1 strongSwan