cimcrl (8) - Linux Manuals

cimcrl: Add, remove or list X509 Certificate Revocation Lists in a PEM format CRL store.

NAME

cimcrl - Add, remove or list X509 Certificate Revocation Lists in a PEM format CRL store.

SYNOPSIS

cimcrl -a -f file

cimcrl -r -i issuer

cimcrl -l [ -i issuer ]

cimcrl --help

cimcrl --version

Remarks

The cimcrl command requires that the cimserver is running. This command operates on a CRL store on the local system only.

DESCRIPTION

The cimcrl command provides a command line interface to manage X509 CRLs in the CRL store. The CRL store contains the CRLs used to revoke certificates in the CIM Server truststore. For more information on truststore operations see the cimtrust(8) command.

The add option of the cimcrl command adds an X509 CRL from the specified file to the CRL store. If a CRL for the specified issuer already exists in the CRL store, the CRL is replaced with the specified CRL.

The remove option of the cimcrl command removes the X509 CRL matching the specified issuer from the CRL store.

The list option of the cimcrl command lists the X509 CRLs in the CRL store. The list can be filtered by issuer.

Options

cimcrl recognizes the following options:
-a
Adds a CRL to the truststore. If the specified file does not contain a valid X509 CRL an error message is returned and no action is taken. If the CRL for the specified issuer already exists in the CRL store, it is replaced with the CRL in the specified file
-r
Removes a CRL from the truststore. If no CRL exists for the specified issuer , an error message is returned and no action is taken.
-l
Displays the X509 CRLs in the truststore.
-f file
Specifies a PEM format file containing an X509 CRL.
-i issuer
Specifies the issuer name of the CRL.
--help
Displays the command help message.
--version
Displays the CIM Server version.

EXIT STATUS

When an error occurs, an error message is written to the standard error stream and a non-zero exit status value is returned. The following exit status values are defined:
0
Success
1
General error
2
Connection failed
3
Connection timed out
4
CRL does not exist

EXAMPLES

Add the CRL in class1crl.pem to the CRL store:

cimcrl -a -f class1crl.pem

Remove the CRL for a specified issuer:

cimcrl -r -i "/C=US/ST=California/L=Cupertino/O=Smart & Secure/OU=Secure Software Division/CN=dev.admin.ss.com"

List all the X509 CRLs in the trust store:

cimcrl -l

SEE ALSO

cimserver(8), cimtrust(8), cimconfig(8).