crlrefresh man page on Darwin
Man page or keyword search:  
man Server   23457 pages
apropos Keyword Search (all sections)
Output format
Darwin logo
[printable version] 
CRLREFRESH(1)							 CRLREFRESH(1)

NAME
       crlrefresh - update and maintain system-wide CRL cache

SYNOPSIS
       crlrefresh command [command-args] [options] crlrefresh r [options] crl‐
       refresh f URL [options] crlrefresh F URI [options]

CRLREFRESH COMMAND SUMMARY
       r Refresh the entire CRL cache f Fetch a CRL from specified URL F Fetch
       a Certificate from specified URL

DESCRIPTION
       Crlrefresh  is a UNIX command-line program which is used to refresh and
       update the contents of the system-wide cache of Certificate  Revocation
       Lists  (CRLs). CRLs, which are optionally used as part of the procedure
       for verifying X.509 certificates, are typically fetched from  the  net‐
       work  using a URL which appears in (some) certificates. Caching CRLs is
       an optimization to avoid costs of network latency  and/or  unavailabil‐
       ity.  Each CRL has a finite validity time which is specified in the CRL
       itself. This validity time may be as short as one day,  or  it  may  be
       much  longer.  Crlrefresh  examines  the	 contents of the CRL cache and
       updates - via network fetch - all CRLs which  are  currently,  or  will
       soon  be,  invalid.   Crlrefresh is also use to fetch specific CRLs and
       certificates from the network; CRLs  fetched  via  crlrefresh  will  be
       added to the CRL cache as well as provided to the specified output file
       (or to stdout if no output file is provided). The URL specified in  the
       f  and F commands must have schema "http:" or "ldap:".  Typically, crl‐
       refresh would be run on a regular basis via one	of  the	 configuration
       files used by the cron(8) program.

CRLREFRESH OPTION SUMMARY
       s=stale_period
	      Specify  the  time  in days which, having elapsed after a CRL is
	      expired, that the CRL is deleted fromt he CRL cache. The default
	      is 10 days.

       o=expire_overlap
	      Specify  the  time in seconds prior to a CRL's expiration when a
	      refresh action will attempt to replace  the  CRL	with  a	 fresh
	      copy.

       p      Purge  all  entries  from	 the  CRL cache, ensuring refresh with
	      fresh CRLs. Normally, CRLs whose expiration date	is  more  than
	      expire_overlap past the current time are not refreshed.

       f      Perform  full  cryptographic verification of all CRLs in the CRL
	      cache. Normally this step is only performed when a CRL is	 actu‐
	      ally used to validate a certificate.

       k=keychain_name
	      The full path to the CRL cache (which is always a keychain). The
	      default is /var/db/crls/crlcache.db.

       v      Provide verbose output during operation.

       F=output_file_name
	      When fetching a CRL or certificate, specifies the destination to
	      which  the fetched entity will be written. If this is not speci‐
	      fied then the fetched entity is sent to stdout.

       n      When fetching a CRL, this inhibits the addition of  the  fetched
	      CRL to the system CRL cache.

       v      Execute in verbose mode.

FILES
       /var/db/crls/crlcache.db System CRL cache database

SEE ALSO
       cron(8)

Apple Computer, Inc.		April 13, 2004			 CRLREFRESH(1)
[top]

List of man pages available for Darwin

Copyright (c) for man pages and the logo by the respective OS vendor.

For those who want to learn more, the polarhome community provides shell access and support.

[legal] [privacy] [GNU] [policy] [cookies] [netiquette] [sponsors] [FAQ]
Tweet
Polarhome, production since 1999.
Member of Polarhome portal.
Based on Fawad Halim's script.
....................................................................
Vote for polarhome
Free Shell Accounts :: the biggest list on the net