37 lines
1.1 KiB
Plaintext
37 lines
1.1 KiB
Plaintext
certverify
|
|
|
|
This is a small utility to verify a TLS X.509 certificate. It returns
|
|
0 on success; on error, it prints the error and returns with exit code 1.
|
|
It does not check for revocations (though this is a planned feature),
|
|
and it does not check the hostname (it deals only in certificate files).
|
|
|
|
[ Usage ]
|
|
certverify [-ca bundle] [-f] [-i bundle] [-v] certificate
|
|
|
|
[ Flags ]
|
|
-ca bundle Specify the path to the CA certificate bundle
|
|
to use.
|
|
-f Force the use of the intermediate bundle, ignoring
|
|
any intermediates bundled with the certificate.
|
|
-i bundle Specify the path to the intermediate certificate
|
|
bundle to use.
|
|
-v Print extra information during the program's run.
|
|
If the certificate validates, also prints 'OK'.
|
|
|
|
[ Examples ]
|
|
|
|
To verify the 'www.pem' certificate against the system roots:
|
|
|
|
$ certverify www.pem
|
|
$ echo $?
|
|
0
|
|
|
|
To verify the 'www.pem' certificate against the 'ca-cert.pem' CA
|
|
certificate bundle, and seeing a mismatch:
|
|
|
|
$ certverify -ca ca-cert.pem www.pem
|
|
Verification failed: x509: certificate signed by unknown authority
|
|
$ echo $?
|
|
1
|
|
|