dirmngr-client(1) - Linux man page

Name

dirmngr-client - CRL and OCSP daemon

Synopsis

dirmngr-client [options] [certfile|pattern]

Description

The dirmngr-client is a simple tool to contact a running dirmngr and test whether a certificate has been revoked --- either by being listed in the corresponding CRL or by running the OCSP protocol. If no dirmngr is running, a new instance will be started, but this is in general not a good idea due to the huge performance overhead.

The usual way to run this tool is either:

dirmngr-client acert

or

dirmngr-client <acert

where acert is one DER encoded (binary) X.509 certificate to be tested.

Return Value

dirmngr-client returns these values:
0
The certificate under question is valid; i.e. there is a valid CRL available and it is not listed there or the OCSP request returned that that certificate is valid.
1
The certificate has been revoked.
2 (and other values)
There was a problem checking the revocation state of the certificate. A message to stderr has given more detailed information. Most likely this is due to a missing or expired CRL or due to a network problem.
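
A caller has to treat the "problem" exit status as an indeterminate result, not as a valid certificate. The wrapper below is an added example, not part of the original man page or of dirmngr; the function names and the DIRMNGR_CLIENT override variable are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: classify a certificate by dirmngr-client's exit status.
# DIRMNGR_CLIENT is a hypothetical override (not a dirmngr feature) so the
# wrapper can be exercised without a running dirmngr.
: "${DIRMNGR_CLIENT:=dirmngr-client}"

# revocation_status CERTFILE [extra dirmngr-client options, e.g. --ocsp]
# Prints good, revoked or unknown and returns 0, 1 or 2 respectively.
revocation_status() {
    cert=$1
    shift
    if [ ! -r "$cert" ]; then
        echo unknown
        return 2
    fi
    # The default input format is DER; pass --pem only for armored files.
    if grep -q -- '-----BEGIN CERTIFICATE-----' "$cert" 2>/dev/null; then
        set -- --pem "$@"
    fi
    # stderr is left alone: on failure it carries the detailed message.
    rc=0
    "$DIRMNGR_CLIENT" --quiet "$@" "$cert" >/dev/null || rc=$?
    case $rc in
        0) echo good;    return 0 ;;
        1) echo revoked; return 1 ;;
        *) echo unknown; return 2 ;;   # 2 and any other value: check failed
    esac
}

# allow_certificate CERTFILE [options]: fail closed. Only an explicit
# "not revoked" answer admits the certificate; a missing or expired CRL
# or a network problem is never read as "valid".
allow_certificate() {
    status=$(revocation_status "$@") || true
    [ "$status" = good ]
}
```

Whether an indeterminate result should block or merely alert is a policy decision; the point is that it must be a distinct outcome from exit status 0.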

Options

dirmngr-client may be called with the following options:

--version
Print the program version and licensing information. Note that you cannot abbreviate this command.
--help, -h
Print a usage message summarizing the most useful command-line options. Note that you cannot abbreviate this command.
--quiet, -q
Make the output extra brief by suppressing any informational messages.
-v
--verbose
Outputs additional information while running. You can increase the verbosity by giving several verbose commands to dirmngr, such as '-vv'.
--pem
Assume that the given certificate is in PEM (armored) format.
--ocsp
Do the check using the OCSP protocol and ignore any CRLs.
--force-default-responder
When checking using the OCSP protocol, force the use of the default OCSP responder. That is, do not use the Responder as given by the certificate.
--ping
Check whether the dirmngr daemon is up and running.
--cache-cert
Put the given certificate into the cache of a running dirmngr. This is mainly useful for debugging.
--validate
Validate the given certificate using dirmngr's internal validation code. This is mainly useful for debugging.
--load-crl
This command expects a list of filenames with DER encoded CRL files. All CRLs will be validated and then loaded into dirmngr's cache.
--lookup
Take the remaining arguments and run a lookup command on each of them. The results are Base-64 encoded outputs (without header lines). This may be used to retrieve certificates from a server. However, the output format is not very well suited if more than one certificate is returned.
--url
-u
Modify the lookup command to take a URL and not a pattern.
--local
-l
Let the lookup command only search the local cache.
--squid-mode
Run dirmngr-client in a mode suitable as a helper program for Squid's external_acl_type option.

See Also

dirmngr(1), gpgsm(1)

The full documentation for this tool is maintained as a Texinfo manual. If dirmngr and the info program are properly installed at your site, the command

info dirmngr

should give you access to the complete manual including a menu structure and an index.