NAME
dirmngr-client - Tool to access the Dirmngr services
SYNOPSIS
dirmngr-client [options] [certfile|pattern]
DESCRIPTION
The dirmngr-client is a simple tool to contact a running dirmngr and test whether a certificate has been revoked --- either by being listed in the corresponding CRL or by running the OCSP protocol. If no dirmngr is running, a new instances will be started but this is in general not a good idea due to the huge performance overhead. The usual way to run this tool is either: dirmngr-client acert or dirmngr-client <acert Where acert is one DER encoded (binary) X.509 certificates to be tested.
RETURN VALUE
dirmngr-client returns these values: 0 The certificate under question is valid; i.e. there is a valid CRL available and it is not listed there or the OCSP request returned that that certificate is valid. 1 The certificate has been revoked 2 (and other values) There was a problem checking the revocation state of the certificate. A message to stderr has given more detailed information. Most likely this is due to a missing or expired CRL or due to a network problem.
OPTIONS
dirmngr-client may be called with the following options: --version Print the program version and licensing information. Note that you cannot abbreviate this command. --help, -h Print a usage message summarizing the most useful command-line options. Note that you cannot abbreviate this command. --quiet, -q Make the output extra brief by suppressing any informational messages. -v --verbose Outputs additional information while running. You can increase the verbosity by giving several verbose commands to dirmngr, such as '-vv'. --pem Assume that the given certificate is in PEM (armored) format. --ocsp Do the check using the OCSP protocol and ignore any CRLs. --force-default-responder When checking using the OCSP protocl, force the use of the default OCSP responder. That is not to use the Reponder as given by the certificate. --ping Check whether the dirmngr daemon is up and running. --cache-cert Put the given certificate into the cache of a running dirmngr. This is mainly useful for debugging. --validate Validate the given certificate using dirmngr's internal validation code. This is mainly useful for debugging. --load-crl This command expects a list of filenames with DER encoded CRL files. With the option --url URLs are expected in place of filenames and they are loaded directly from the given location. All CRLs will be validated and then loaded into dirmngr's cache. --lookup Take the remaining arguments and run a lookup command on each of them. The results are Base-64 encoded outputs (without header lines). This may be used to retrieve certificates from a server. However the output format is not very well suited if more than one certificate is returned. --url -u Modify the lookup and load-crl commands to take an URL. --local -l Let the lookup command only search the local cache. --squid-mode Run dirmngr-client in a mode suitable as a helper program for Squid's external_acl_type option.
SEE ALSO
dirmngr(8), gpgsm(1) The full documentation for this tool is maintained as a Texinfo manual. If GnuPG and the info program are properly installed at your site, the command info gnupg should give you access to the complete manual including a menu structure and an index.
More Linux Commands
manpages/addnwstr.3ncurses.html
addnwstr(3ncurses) - add a string of wide characters to a cu
These functions write the characters of the (null-terminated) wchar_t character string wstr on the given window. It is similar to constructing a cchar_t for eac
manpages/XkbAllocCompatMap.3.html
XkbAllocCompatMap(3) - Allocate a new compatibility map if y
xkb specifies the keyboard description for which compatibility maps are to be allocated. The compatibility map is the compat field in this structure. which spec
manpages/XpInputSelected.3x.html
XpInputSelected(3x) - Queries which X Print events the clien
XpInputSelected returns a bit mask describing which event classes the client has selected to receive. The value returned to all_event_mask_return is the union o
manpages/XkbAllocControls.3.html
XkbAllocControls(3) - Allocates an XkbControlsRec structure
The need to allocate an XkbControlsRec structure seldom arises; Xkb creates one when an application calls XkbGetControls or a related function. For those situat
manpages/gnutls_dtls_set_timeouts.3.html
gnutls_dtls_set_timeouts(3) - API function - Linux man page
This function will set the timeouts required for the DTLS handshake protocol. The retransmission timeout is the time after which a message from the peer is not
manpages/iwpriv.8.html
iwpriv(8) - configure optionals (private) parameters of a wi
Iwpriv is the companion tool to iwconfig(8). Iwpriv deals with parameters and setting specific to each driver (as opposed to iwconfig which deals with generic o
manpages/gitcli.7.html
gitcli(7) - git command line interface and conventions......
This manual describes the convention used throughout Git CLI. Many commands take revisions (most often commits, but sometimes tree-ish, depending on the context
manpages/gnutls_x509_crt_get_authority_key_id.3.html
gnutls_x509_crt_get_authority_key_id(3) - API function......
This function will return the X.509v3 certificate authoritys key identifier. This is obtained by the X.509 Authority Key identifier extension field (2.5.29.35).
manpages/chkconfig.8.html
chkconfig(8) - enable or disable system services (Man Page)
chkconfig is used to manipulate the runlevel links at boot time (see init.d(7)). It can be thought of as a frontend to insserv(8). Chkconfig can run in six diff
manpages/sqlite3.1.html
sqlite3(1) - A command line interface for SQLite version 3
To start a sqlite3 interactive session, invoke the sqlite3 command and optionally provide the name of a database file. If the database file does not exist, it w
manpages/XtToolkitThreadInitialize.3.html
XtToolkitThreadInitialize(3) - initialize the toolkit for mu
If XtToolkitThreadInitialize was previously called, it returns. The application programmer must ensure that two or more threads do not simultaneously attempt to
manpages/mdassembler.1.html
mdassembler(1) - Compile documentation for use in monodoc br
mdassembler has been obsoleted by mdoc(1). See the mdoc-assemble(1) man page. mdassembler is a program that creates .tree and .zip files for use in the monodoc
