crlrefresh(1)                                                    crlrefresh(1)




NAME

       crlrefresh - update and maintain system-wide CRL cache


SYNOPSIS

       crlrefresh command [command-args] [options]
       crlrefresh r [options]
       crlrefresh f URL [options]
       crlrefresh F URI [options]


CRLREFRESH COMMAND SUMMARY

       r      Refresh the entire CRL cache

       f      Fetch a CRL from specified URL

       F      Fetch a Certificate from specified URL


DESCRIPTION

       Crlrefresh is a UNIX command-line program which is used to refresh and
       update the contents of the system-wide cache of Certificate Revocation
       Lists (CRLs). CRLs, which are optionally used as part of the procedure
       for verifying X.509 certificates, are typically fetched from the
       network using a URL which appears in (some) certificates. Caching CRLs
       is an optimization to avoid costs of network latency and/or
       unavailability.

       Each CRL has a finite validity time which is specified in the CRL
       itself. This validity time may be as short as one day, or it may be
       much longer. Crlrefresh examines the contents of the CRL cache and
       updates - via network fetch - all CRLs which are currently, or will
       soon be, invalid.

       Crlrefresh is also used to fetch specific CRLs and certificates from
       the network; CRLs fetched via crlrefresh will be added to the CRL
       cache as well as provided to the specified output file (or to stdout
       if no output file is provided). The URL specified in the f and F
       commands must have scheme "http:" or "ldap:".

       Typically, crlrefresh would be run on a regular basis via one of the
       configuration files used by the cron(8) program.


CRLREFRESH OPTION SUMMARY

       s=stale_period
              Specify the time in days which, having elapsed after a CRL has
              expired, causes the CRL to be deleted from the CRL cache. The
              default is 10 days.

       o=expire_overlap
              Specify  the  time in seconds prior to a CRL's expiration when a
              refresh action will attempt to replace  the  CRL  with  a  fresh
              copy.

       p      Purge  all  entries  from  the  CRL cache, ensuring refresh with
              fresh CRLs. Normally, CRLs whose expiration date  is  more  than
              expire_overlap past the current time are not refreshed.

       f      Perform  full  cryptographic verification of all CRLs in the CRL
              cache. Normally this step is only performed when a CRL is  actu-
              ally used to validate a certificate.

       k=keychain_name
              The full path to the CRL cache (which is always a keychain). The
              default is /var/db/crls/crlcache.db.

       v      Provide verbose output during operation.

       F=output_file_name
              When fetching a CRL or certificate, specifies the destination to
              which  the fetched entity will be written. If this is not speci-
              fied then the fetched entity is sent to stdout.

       n      When fetching a CRL, this inhibits the addition of  the  fetched
              CRL to the system CRL cache.

       v      Execute in verbose mode.
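
       The following is an added example, not part of the original page and
       not Apple's code: a small model of how the s=, o= and p options decide
       what a refresh does to each cached CRL. The function name, entry names
       and dates are constructed, and the treatment of p and of stale entries
       is an assumption read from the option text above.

```python
# Added illustration: a model of the cache policy this page describes,
# not Apple's implementation. Entry names and dates are constructed.
from datetime import datetime, timedelta, timezone

DEFAULT_STALE_DAYS = 10  # default for s= as stated on this page


def plan_refresh(cache, now, expire_overlap_s, stale_days=DEFAULT_STALE_DAYS,
                 purge=False):
    """Return {crl_name: action} for a cache of {crl_name: expiration}.

    Actions: "keep", "refresh" (fetch a fresh copy) or "delete".
    Note the units: expire_overlap_s is SECONDS (o=), stale_days is DAYS (s=).
    """
    overlap = timedelta(seconds=expire_overlap_s)
    stale = timedelta(days=stale_days)
    plan = {}
    for name, expires in cache.items():
        if purge:
            # p: all entries are purged so each is replaced by a fresh copy
            # (assumption: modelled here as a refresh of every entry).
            plan[name] = "refresh"
        elif now - expires >= stale:
            # Expired for stale_period days or longer: dropped from the cache.
            plan[name] = "delete"
        elif expires - now <= overlap:
            # Already expired, or expiring within expire_overlap seconds.
            plan[name] = "refresh"
        else:
            # Expiration is more than expire_overlap away: left untouched.
            plan[name] = "keep"
    return plan


# Constructed sample cache: name -> CRL expiration time.
NOW = datetime(2009, 9, 17, 12, 0, tzinfo=timezone.utc)
SAMPLE_CACHE = {
    "ca-a": NOW + timedelta(days=5),      # comfortably valid
    "ca-b": NOW + timedelta(minutes=30),  # expires inside a 1 hour overlap
    "ca-c": NOW - timedelta(days=2),      # expired, not yet stale
    "ca-d": NOW - timedelta(days=11),     # expired for more than 10 days
}

if __name__ == "__main__":
    for name, action in plan_refresh(SAMPLE_CACHE, NOW, 3600).items():
        print(name, action)
```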


FILES

       /var/db/crls/crlcache.db
              System CRL cache database


SEE ALSO

       cron(8)



Apple Computer, Inc.            April 13, 2004                   crlrefresh(1)

Mac OS X 10.6 - Generated Thu Sep 17 20:07:23 CDT 2009