37 lines
1.1 KiB
Plaintext
37 lines
1.1 KiB
Plaintext
|
certverify
|
||
|
|
||
|
This is a small utility to verify a TLS X.509 certificate. It returns
|
||
|
0 on success; on error, it prints the error and returns with exit code 1.
|
||
|
It does not check for revocations (though this is a planned feature),
|
||
|
and it does not check the hostname (it deals only in certificate files).
|
||
|
|
||
|
[ Usage ]
|
||
|
certverify [-ca bundle] [-f] [-i bundle] [-v] certificate
|
||
|
|
||
|
[ Flags ]
|
||
|
-ca bundle Specify the path to the CA certificate bundle
|
||
|
to use.
|
||
|
-f Force the use of the intermediate bundle, ignoring
|
||
|
any intermediates bundled with the certificate.
|
||
|
-i bundle Specify the path to the intermediate certificate
|
||
|
bundle to use.
|
||
|
-v Print extra information during the program's run.
|
||
|
If the certificate validates, also prints 'OK'.
|
||
|
|
||
|
[ Examples ]
|
||
|
|
||
|
To verify the 'www.pem' certificate against the system roots:
|
||
|
|
||
|
$ certverify www.pem
|
||
|
$ echo $?
|
||
|
0
|
||
|
|
||
|
To verify the 'www.pem' certificate against the 'ca-cert.pem' CA
|
||
|
certificate bundle, and seeing a mismatch:
|
||
|
|
||
|
$ certverify -ca ca-cert.pem www.pem
|
||
|
Verification failed: x509: certificate signed by unknown authority
|
||
|
$ echo $?
|
||
|
1
|
||
|
|