Project

General

Profile

ipsec pki --verify

Synopsis

pki --verify [--in file] [--cacert file] [--crl file] [--online]

           --help     (-h)  show usage information
           --in       (-i)  X.509 certificate to verify, default: stdin
           --cacert   (-c)  CA certificate for trustchain verification
           --crl      (-l)  CRL for trustchain verification
           --online   (-o)  enable online CRL/OCSP revocation checking
           --debug    (-v)  set debug level, default: 1
           --options  (-+)  read command line options from file

Description

Verify the signature of an X.509 certificate.

Exit Status

The exit status is 0 if the certificate was verified successfully, 1 if the certificate is untrusted,
2 if the certificate's lifetimes are invalid, and 3 if the certificate was verified successfully but
the online revocation check indicated that it has been revoked.