goutils/cmd/certverify
Kyle Isom 8fd2e76939 Add certverify utility. 2016-01-14 17:29:55 -08:00
..
README Add certverify utility. 2016-01-14 17:29:55 -08:00
main.go Add certverify utility. 2016-01-14 17:29:55 -08:00

README

certverify

This is a small utility to verify a TLS X.509 certificate. It returns
0 on success; on error, it prints the error and returns with exit code 1.
It does not check for revocations (though this is a planned feature),
and it does not check the hostname (it deals only in certificate files).

[ Usage ]
	certverify [-ca bundle] [-f] [-i bundle] [-v] certificate

[ Flags ]
	-ca bundle	Specify the path to the CA certificate bundle
			to use.
	-f		Force the use of the intermediate bundle, ignoring
			any intermediates bundled with the certificate.
	-i bundle	Specify the path to the intermediate certificate
			bundle to use.
	-v		Print extra information during the program's run.
			If the certificate validates, also prints 'OK'.

[ Examples ]

To verify the 'www.pem' certificate against the system roots:

	$ certverify www.pem
	$ echo $?
	0

To verify the 'www.pem' certificate against the 'ca-cert.pem' CA
certificate bundle, and seeing a mismatch:

	$ certverify -ca ca-cert.pem www.pem
	Verification failed: x509: certificate signed by unknown authority
	$ echo $?
	1