vpn crlview

Description

Retrieves the Certificate Revocation List (CRL) from various distribution points and shows it to the user.

Syntax

vpn crlview [-d]

      -obj <Network Object Name> -cert <Certificate Object Name>

      -f <Certificate File>

      -view

Parameters

Parameter

Description

-d

Runs the command in debug mode.

Use only if you troubleshoot the command itself.

Best Practice - If you use this parameter, then redirect the output to a file, or use the script command to save the entire CLI session.

-obj <Network Object Name>

Specifies the name of the CA network object.

-cert <Certificate Object Name>

Specifies the name of the certificate object.

-f <Certificate File>

Specifies the path and the name of the certificate file.

-view

Shows the CRL.

Return Values

  • 0 (zero) for success

  • any other value for failure

Example 1

vpn crlview -obj <MyCA> -cert <MyCert>

  1. The VPN daemon contacts the Certificate Authority called MyCA and locates the certificate called MyCert.

  2. The VPN daemon extracts the certificate distribution point from the certificate.

  3. The VPN daemon goes to the distribution point and retrieves the CRL. The distribution point can be an LDAP or HTTP server.

  4. The VPN daemon shows the CRL to the standard output.

Example 2

vpn crlview -f /var/log/MyCert

  1. The VPN daemon extracts the certificate distribution point from the certificate file called MyCert.

  2. The VPN daemon goes to the distribution point and retrieves the CRL. The distribution point can be an LDAP or HTTP server.

  3. The VPN daemon shows the CRL to the standard output.

Example 3

vpn crlview -view <Latest CRL>

If the CRL was retrieved in the past, this command instructs the VPN daemon to show the contents to the standard output.
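
The Return Values and the -d Best Practice above can be combined into a periodic CRL retrieval check. This is an added example, not code from the vendor documentation: the function names, the OUT_DIR path and the "object:certificate" pair format are assumptions, and only the vpn crlview options listed on this page are used.

```shell
#!/bin/sh
# Added example (not vendor code). Assumed names: crl_check, crl_check_all,
# OUT_DIR and the "object:certificate" argument format.

OUT_DIR=${OUT_DIR:-/var/tmp/crlcheck}   # assumed location for saved output

# crl_check <CA network object> <certificate object>
# Returns 0 when vpn crlview reports success (return value 0), 1 otherwise.
crl_check() {
    obj=$1
    cert=$2
    mkdir -p "$OUT_DIR" || return 1
    out="$OUT_DIR/$obj.$cert.crl.txt"
    dbg="$OUT_DIR/$obj.$cert.debug.txt"

    if vpn crlview -obj "$obj" -cert "$cert" >"$out" 2>&1; then
        rm -f "$dbg"            # drop stale debug output from an earlier failure
        return 0
    fi
    # Any other return value means failure: repeat once in debug mode and
    # redirect the output to a file, as the Best Practice note recommends.
    vpn crlview -d -obj "$obj" -cert "$cert" >"$dbg" 2>&1
    return 1
}

# crl_check_all "object:certificate" ...
# Exit status is the number of pairs whose CRL could not be retrieved.
crl_check_all() {
    failed=0
    for pair in "$@"; do
        if ! crl_check "${pair%%:*}" "${pair#*:}"; then
            echo "CRL retrieval failed for $pair, see $OUT_DIR" >&2
            failed=$((failed + 1))
        fi
    done
    return "$failed"
}
```

Source the file and call, for example, crl_check_all "MyCA:MyCert" from a scheduled job. A non-zero status means at least one distribution point did not return a CRL and the matching debug file is ready for review.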