vpn crlview

Description

Retrieves the Certificate Revocation List (CRL) from various distribution points and shows it for the user.

Syntax

vpn crlview [-d]

-obj <Network Object Name> -cert <Certificate Object Name>

-f <Certificate File>

-view

Parameters

Parameter	Description
`-d`	Runs the command in debug mode.
`-obj <`Network Object Name`>`	Specifies the name of the CA network object.
`-cert <`Certificate Object Name`>`	Specifies the name of the certificate object.
`-f <`Certificate File`>`	Specifies the path and the name of the certificate file.
`-view`	Shows the CRL.

Return Values

0 (zero) for success
any other value for failure

Example 1

vpn crlview -obj <MyCA> -cert <MyCert>

The VPN daemon contacts the Certificate Authority called MyCA and locates the certificate called MyCert. The VPN daemon extracts the certificate distribution point from the certificate then goes to the distribution point, which might be an LDAP or HTTP server. From the distribution point, the VPN daemon retrieves the CRL and shows it to the standard output.

Example 2

vpn crlview -f /var/log/MyCert

The VPN daemon extracts the certificate distribution point from the certificate, goes to the distribution point, retrieves the CRL, and shows the CRL to the standard output.

Example 3

vpn crlview -view <Lastest CRL>

If the CRL has already been retrieved, this command instructs the VPN daemon to show the contents to the standard output.