Provided by: dirmngr_1.1.1-1.1_amd64 bug

NAME

       dirmngr-client - CRL and OCSP daemon

SYNOPSIS

       dirmngr-client [options] [certfile|pattern]

DESCRIPTION

       The  dirmngr-client  is  a  simple  tool  to  contact a running dirmngr and test whether a
       certificate has been revoked --- either by being listed in the  corresponding  CRL  or  by
       running  the OCSP protocol.  If no dirmngr is running, a new instances will be started but
       this is in general not a good idea due to the huge performance overhead.

       The usual way to run this tool is either:

         dirmngr-client acert

       or

         dirmngr-client <acert

       Where acert is one DER encoded (binary) X.509 certificates to be tested.

RETURN VALUE

       dirmngr-client returns these values:

       0      The certificate under question is valid; i.e. there is a valid CRL available and it
              is not listed there or the OCSP request returned that that certificate is valid.

       1      The certificate has been revoked

       2 (and other values)
              There was a problem checking the revocation state of the certificate.  A message to
              stderr has given more detailed information.  Most likely this is due to  a  missing
              or expired CRL or due to a network problem.

OPTIONS

       dirmngr-client may be called with the following options:

       --version
              Print  the  program  version  and  licensing  information.   Note  that  you cannot
              abbreviate this command.

       --help, -h
              Print a usage message summarizing the most useful command-line options.  Note  that
              you cannot abbreviate this command.

       --quiet, -q
              Make the output extra brief by suppressing any informational messages.

       -v

       --verbose
              Outputs  additional  information  while running.  You can increase the verbosity by
              giving several verbose commands to dirmngr, such as '-vv'.

       --pem  Assume that the given certificate is in PEM (armored) format.

       --ocsp Do the check using the OCSP protocol and ignore any CRLs.

       --force-default-responder
              When checking using the OCSP protocl, force the use of the default OCSP  responder.
              That is not to use the Reponder as given by the certificate.

       --ping Check whether the dirmngr daemon is up and running.

       --cache-cert
              Put  the  given  certificate  into  the cache of a running dirmngr.  This is mainly
              useful for debugging.

       --validate
              Validate the given certificate using dirmngr's internal validation code.   This  is
              mainly useful for debugging.

       --load-crl
              This  command  expects  a  list  of filenames with DER encoded CRL files.  With the
              option --url URLs are expected in place of filenames and they are  loaded  directly
              from the given location.  All CRLs will be validated and then loaded into dirmngr's
              cache.

       --lookup
              Take the remaining arguments and run a lookup command on each of them.  The results
              are  Base-64  encoded outputs (without header lines).  This may be used to retrieve
              certificates from a server. However the output format is not very  well  suited  if
              more than one certificate is returned.

       --url

       -u     Modify the lookup and load-crl commands to take an URL.

       --local

       -l     Let the lookup command only search the local cache.

       --squid-mode
              Run   dirmngr-client   in   a  mode  suitable  as  a  helper  program  for  Squid's
              external_acl_type option.

SEE ALSO

       dirmngr(1), gpgsm(1)

       The full documentation for this tool is maintained as a Texinfo manual.   If  dirmngr  and
       the info program are properly installed at your site, the command

         info dirmngr

       should give you access to the complete manual including a menu structure and an index.