Manual Pages for UNIX Darwin command on man crlrefresh

CRLREFRESH(1) CRLREFRESH(1)

NAME

crlrefresh - update and maintain system-wide CRL cache

SYNOPSIS

       crlrefresh command [command-args] [options]
       crlrefresh r [options]
       crlrefresh f URL [options]
       crlrefresh F URI [options]

CRLREFRESH COMMAND SUMMARY

       r      Refresh the entire CRL cache

       f      Fetch a CRL from specified URL

       F      Fetch a Certificate from specified URL

DESCRIPTION

       Crlrefresh is a UNIX command-line program which is used to refresh and
       update the contents of the system-wide cache of Certificate Revocation
       Lists (CRLs). CRLs, which are optionally used as part of the procedure
       for verifying X.509 certificates, are typically fetched from the
       network using a URL which appears in (some) certificates. Caching CRLs
       is an optimization to avoid costs of network latency and/or
       unavailability.

       Each CRL has a finite validity time which is specified in the CRL
       itself. This validity time may be as short as one day, or it may be
       much longer. Crlrefresh examines the contents of the CRL cache and
       updates - via network fetch - all CRLs which are currently, or will
       soon be, invalid.

       Crlrefresh is also used to fetch specific CRLs and certificates from
       the network; CRLs fetched via crlrefresh will be added to the CRL cache
       as well as provided to the specified output file (or to stdout if no
       output file is provided). The URL specified in the f and F commands
       must have scheme "http:" or "ldap:".

       Typically, crlrefresh would be run on a regular basis via one of the
       configuration files used by the cron(8) program.

CRLREFRESH OPTION SUMMARY

       s=staleperiod
              Specify the time in days after a CRL has expired at which the
              CRL is deleted from the CRL cache. The default is 10 days.

       o=expireoverlap
              Specify the time in seconds prior to a CRL's expiration when a
              refresh action will attempt to replace the CRL with a fresh
              copy.

       p      Purge all entries from the CRL cache, ensuring refresh with
              fresh CRLs. Normally, CRLs whose expiration date is more than
              expireoverlap past the current time are not refreshed.

       f      Perform full cryptographic verification of all CRLs in the CRL
              cache. Normally this step is only performed when a CRL is
              actually used to validate a certificate.

       k=keychainname
              The full path to the CRL cache (which is always a keychain).
              The default is /var/db/crls/crlcache.db.

       v      Provide verbose output during operation.

       F=outputfilename
              When fetching a CRL or certificate, specifies the destination
              to which the fetched entity will be written. If this is not
              specified then the fetched entity is sent to stdout.

       n      When fetching a CRL, this inhibits the addition of the fetched
              CRL to the system CRL cache.

       v      Execute in verbose mode.

FILES

       /var/db/crls/crlcache.db
              System CRL cache database

SEE ALSO

       cron(8)

Apple Computer, Inc.             April 13, 2004             CRLREFRESH(1)



