version 1.113, 2013/01/18 08:39:04 |
version 1.114, 2013/01/18 21:48:43 |
|
|
.Nm |
.Nm |
will generate a KRL file at the location specified via the |
will generate a KRL file at the location specified via the |
.Fl f |
.Fl f |
flag that revokes every key or certificate presented on the command-line. |
flag that revokes every key or certificate presented on the command line. |
Keys/certificates to be revoked may be specified by public key file or |
Keys/certificates to be revoked may be specified by public key file or |
using the format described in the |
using the format described in the |
.Sx KEY REVOCATION LISTS |
.Sx KEY REVOCATION LISTS |
|
|
Update a KRL. |
Update a KRL. |
When specified with |
When specified with |
.Fl k , |
.Fl k , |
keys listed via the command-line are added to the existing KRL rather than |
keys listed via the command line are added to the existing KRL rather than |
a new KRL being created. |
a new KRL being created. |
.It Fl V Ar validity_interval |
.It Fl V Ar validity_interval |
Specify a validity interval when signing a certificate. |
Specify a validity interval when signing a certificate. |
|
|
KRLs may be generated using the |
KRLs may be generated using the |
.Fl k |
.Fl k |
flag. |
flag. |
This option reads one or more files from the command-line and generates a new |
This option reads one or more files from the command line and generates a new |
KRL. |
KRL. |
The files may either contain a KRL specification (see below) or public keys, |
The files may either contain a KRL specification (see below) or public keys, |
listed one per line. |
listed one per line. |
|
|
of serial numbers including and between each is revoked. |
of serial numbers including and between each is revoked. |
The CA key must have been specified on the |
The CA key must have been specified on the |
.Nm |
.Nm |
command-line using the |
command line using the |
.Fl s |
.Fl s |
option. |
option. |
.It Cm id : Ar key_id |
.It Cm id : Ar key_id |
Revokes a certificate with the specified key ID string. |
Revokes a certificate with the specified key ID string. |
The CA key must have been specified on the |
The CA key must have been specified on the |
.Nm |
.Nm |
command-line using the |
command line using the |
.Fl s |
.Fl s |
option. |
option. |
.It Cm key : Ar public_key |
.It Cm key : Ar public_key |
|
|
.Fl u |
.Fl u |
flag in addition to |
flag in addition to |
.Fl k . |
.Fl k . |
When this option is specified, keys listed via the command-line are merged into |
When this option is specified, keys listed via the command line are merged into |
the KRL, adding to those already there. |
the KRL, adding to those already there. |
.Pp |
.Pp |
It is also possible, given a KRL, to test whether it revokes a particular key |
It is also possible, given a KRL, to test whether it revokes a particular key |
|
|
The |
The |
.Fl Q |
.Fl Q |
flag will query an existing KRL, testing each key specified on the commandline. |
flag will query an existing KRL, testing each key specified on the commandline. |
If any key listed on the command-line has been revoked (or an error encountered) |
If any key listed on the command line has been revoked (or an error encountered) |
then |
then |
.Nm |
.Nm |
will exit with a non-zero exit status. |
will exit with a non-zero exit status. |
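Review bot: The unchanged context line directly above the edit in this last hunk still reads "testing each key specified on the commandline", so after this change the same paragraph spells it "commandline" in one sentence and "command line" in the next. Since every other hunk normalizes "command-line" to "command line", that line should be changed to "command line" as well. While touching this paragraph, "(or an error encountered)" would read better as "(or an error is encountered)".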