Linux "dirmngr-client" Command Line Options and Examples

Tool to access the Dirmngr services

The dirmngr-client is a simple tool to contact a running dirmngr and test whether a certificate has been revoked --- either by being listed in the corresponding CRL or by running the OCSP protocol. If no dirmngr is running, a new instances will be started but this is in general not a good idea due to the huge performance overhead.

Usage:

dirmngr-client [options] [certfile|pattern]

Related Commands

Command Line Options:

--version

Print the program version and licensing information. Note that you cannot abbreviate this command.


                            dirmngr-client --version ...

--help

Print a usage message summarizing the most useful command-line options. Note that you cannot abbreviate this command.


                            dirmngr-client --help ...

--quiet

Make the output extra brief by suppressing any informational messages.


                            dirmngr-client --quiet ...

--verbose

Outputs additional information while running. You can increase the verbosity by giving several verbose commands to dirmngr,such as '-vv'.


                            dirmngr-client --verbose ...

--pem

Assume that the given certificate is in PEM (armored) format.


                            dirmngr-client --pem ...

--ocsp

Do the check using the OCSP protocol and ignore any CRLs.


                            dirmngr-client --ocsp ...

--force-default-responder

When checking using the OCSP protocol, force the use of the default OCSP responder. That is not to use the Reponder as givenby the certificate.


                            dirmngr-client --force-default-responder ...

--ping

Check whether the dirmngr daemon is up and running.


                            dirmngr-client --ping ...

--cache-cert

Put the given certificate into the cache of a running dirmngr. This is mainly useful for debugging.


                            dirmngr-client --cache-cert ...

--validate

Validate the given certificate using dirmngr's internal validation code. This is mainly useful for debugging.


                            dirmngr-client --validate ...

--load-crl

This command expects a list of filenames with DER encoded CRL files. With the option --url URLs are expected in place offilenames and they are loaded directly from the given location. All CRLs will be validated and then loaded into dirmngr'scache.


                            dirmngr-client --load-crl ...

--lookup

Take the remaining arguments and run a lookup command on each of them. The results are Base-64 encoded outputs (withoutheader lines). This may be used to retrieve certificates from a server. However the output format is not very well suited ifmore than one certificate is returned.


                            dirmngr-client --lookup ...

-u

Modify the lookup and load-crl commands to take an URL.


                            dirmngr-client -u ...

-l

Let the lookup command only search the local cache.


                            dirmngr-client -l ...

--squid-mode

Run dirmngr-client in a mode suitable as a helper program for Squid's external_acl_type option.


                            dirmngr-client --squid-mode ...