cimcrl (8) - Linux Manuals
cimcrl: Add, remove or list X509 Certificate Revocation Lists in a PEM format CRL store.
NAME
cimcrl - Add, remove or list X509 Certificate Revocation Lists in a PEM format CRL store.SYNOPSIS
cimcrl -a -f file
cimcrl -r -i issuer
cimcrl -l [ -i issuer ]
cimcrl --help
cimcrl --version
Remarks
The cimcrl command requires that the cimserver is running. This command operates on a CRL store on the local system only.DESCRIPTION
The cimcrl command provides a command line interface to manage X509 CRLs in the CRL store. The CRL store contains the CRLs used to revoke certificates in the CIM Server truststore. For more information on truststore operations see the cimtrust(8) command.The add option of the cimcrl command adds an X509 CRL from the specified file to the CRL store. If a CRL for the specified issuer already exists in the CRL store, the CRL is replaced with the specified CRL.
The remove option of the cimcrl command removes the X509 CRL matching the specified issuer from the CRL store.
The list option of the cimcrl command lists the X509 CRLs in the CRL store. The list can be filtered by issuer.
Options
cimcrl recognizes the following options:-
- -a
- Adds a CRL to the truststore. If the specified file does not contain a valid X509 CRL an error message is returned and no action is taken. If the CRL for the specified issuer already exists in the CRL store, it is replaced with the CRL in the specified file
- -r
- Removes a CRL from the truststore. If no CRL exists for the specified issuer , an error message is returned and no action is taken.
- -l
- Displays the X509 CRLs in the truststore.
- -f file
- Specifies a PEM format file containing an X509 CRL.
- -i issuer
- Specifies the issuer name of the CRL.
- --help
- Displays the command help message.
- --version
- Displays the CIM Server version.
EXIT STATUS
When an error occurs, an error message is written to the standard error stream and a non-zero exit status value is returned. The following exit status values are defined:-
- 0
- Success
- 1
- General error
- 2
- Connection failed
- 3
- Connection timed out
- 4
- CRL does not exist
EXAMPLES
Add the CRL in class1crl.pem to the CRL store:cimcrl -a -f class1crl.pem
Remove the CRL for a specified issuer:
cimcrl -r -i "/C=US/ST=California/L=Cupertino/O=Smart & Secure/OU=Secure Software Division/CN=dev.admin.ss.com"
List all the X509 CRLs in the trust store:
cimcrl -l