Section: strongSwan (1)
pki --verify - Verify a certificate using a CA certificate
[ --in file
[ --cacert file
[ --crl file
[ --debug level
This sub-command of
verifies a certificate using an optional CA certificate.
- -h, --help
Print usage information with a summary of the available options.
- -v, --debug level
Set debug level, default: 1.
- -+, --options file
Read command line options from file.
- -i, --in file
X.509 certificate to verify. If not given it is read from STDIN.
- -c, --cacert file
CA certificate to use for trustchain verification. If not given the certificate
is assumed to be self-signed. May optionally be a path to a directory from
which CA certificates are loaded. Can be used multiple times.
- -l, --crl file
Local CRL to use for trustchain verification. May optionally be a path to a
directory from which CRLs are loaded. Can be used multiple times.
- -o, --online
Enable online CRL/OCSP revocation checking.
The exit status is 0 if the certificate was verified successfully, 1 if the
certificate is untrusted, 2 if the certificate's lifetimes are invalid, and 3
if the certificate was verified successfully but the online revocation check
indicated that it has been revoked.