pki --verify - Verify a certificate using a CA certificate
pki --verify |
[--in file]
[--cacert file]
[--crl file]
[--debug level]
[--online] |
pki --verify |
--options file |
This sub-command of pki(1) verifies a certificate using an
optional CA certificate.
- -h, --help
- Print usage information with a summary of the available options.
- -v, --debug
level
- Set debug level, default: 1.
- -+, --options file
- Read command line options from file.
- -i, --in
file
- X.509 certificate to verify. If not given it is read from
STDIN.
- -c, --cacert
file
- CA certificate to use for trustchain verification. If not given the
certificate is assumed to be self-signed. May optionally be a path to a
directory from which CA certificates are loaded. Can be used multiple
times.
- -l, --crl
file
- Local CRL to use for trustchain verification. May optionally be a path to
a directory from which CRLs are loaded. Can be used multiple times.
Implies -o.
- -o, --online
- Enable online CRL/OCSP revocation checking.
The exit status is 0 if the certificate was verified successfully,
1 if the certificate is untrusted, 2 if the certificate's lifetimes are
invalid, and 3 if the certificate was verified successfully but the online
revocation check indicated that it has been revoked.