CRLREFRESH(1)                                                    CRLREFRESH(1)



NAME
       crlrefresh - update and maintain system-wide CRL cache

SYNOPSIS
       crlrefresh command [command-args] [options]

       crlrefresh r [options]

       crlrefresh f URL [options]

       crlrefresh F URI [options]


CRLREFRESH COMMAND SUMMARY
       r Refresh the entire CRL cache

       f Fetch a CRL from specified URL

       F Fetch a Certificate from specified URL


DESCRIPTION
       Crlrefresh  is a UNIX command-line program which is used to refresh and
       update the contents of the system-wide cache of Certificate  Revocation
       Lists  (CRLs). CRLs, which are optionally used as part of the procedure
       for verifying X.509 certificates, are typically fetched from  the  net-
       work  using a URL which appears in (some) certificates. Caching CRLs is
       an optimization to avoid costs of network latency  and/or  unavailabil-
       ity.  Each CRL has a finite validity time which is specified in the CRL
       itself. This validity time may be as short as one day,  or  it  may  be
       much  longer.  Crlrefresh  examines  the  contents of the CRL cache and
       updates - via network fetch - all CRLs which  are  currently,  or  will
       soon be, invalid.

       Crlrefresh is also used to fetch specific CRLs and certificates from
       the network; CRLs fetched via crlrefresh will be added to the CRL cache
       as well as provided to the specified output file (or to stdout if no
       output file is provided). The URL specified in the f and F commands
       must have scheme "http:" or "ldap:".

       Typically,  crlrefresh  would  be run on a regular basis via one of the
       configuration files used by the cron(8) program.


CRLREFRESH OPTION SUMMARY
       s==staleperiod
              Specify the time in days after a CRL's expiration at which the
              CRL is deleted from the CRL cache. The default is 10 days.

       o==expireoverlap
              Specify the time in seconds prior to a CRL's expiration  when  a
              refresh  action  will  attempt  to  replace the CRL with a fresh
              copy.

       p      Purge all entries from the  CRL  cache,  ensuring  refresh  with
              fresh  CRLs.  Normally,  CRLs whose expiration date is more than
              expireoverlap past the current time are not refreshed.

       f      Perform full cryptographic verification of all CRLs in  the  CRL
              cache.  Normally this step is only performed when a CRL is actu-
              ally used to validate a certificate.

       k==keychainname
              The full path to the CRL cache (which is always a keychain). The
              default is /var/db/crls/crlcache.db.

       v      Provide verbose output during operation.

       F==outputfilename
              When fetching a CRL or certificate, specifies the destination to
              which the fetched entity will be written. If this is not  speci-
              fied then the fetched entity is sent to stdout.

       n      When  fetching  a CRL, this inhibits the addition of the fetched
              CRL to the system CRL cache.

       v      Execute in verbose mode.
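
The interaction of the staleperiod, expireoverlap and p options described above, modeled in Python as an added example (not Apple's code and not part of the original man page). The function names, the sample cache and the one-hour overlap are assumptions, as are the ordering of the checks and the inclusive boundaries.

```python
from datetime import datetime, timedelta, timezone

DEFAULT_STALE_DAYS = 10  # default stale period given in the option summary


def plan_action(next_update, now, expire_overlap_s,
                stale_days=DEFAULT_STALE_DAYS, purge=False):
    """Classify one cached CRL as 'delete', 'refresh' or 'keep'."""
    if purge:
        # p option: every entry is discarded and replaced by a fresh copy.
        return "refresh"
    if now >= next_update + timedelta(days=stale_days):
        # Expired for at least the stale period: dropped from the cache.
        return "delete"
    if next_update <= now + timedelta(seconds=expire_overlap_s):
        # Already expired, or expiring within the overlap window.
        return "refresh"
    # Expiration lies more than expire_overlap_s ahead: left alone.
    return "keep"


def plan_cache(cache, now, expire_overlap_s, **kw):
    """Map each CRL URL in `cache` (URL -> expiration time) to its action."""
    return {url: plan_action(exp, now, expire_overlap_s, **kw)
            for url, exp in cache.items()}


# Constructed sample cache; URLs and times are made up for the example.
NOW = datetime(2004, 4, 13, 12, 0, tzinfo=timezone.utc)
SAMPLE_CACHE = {
    "http://crl.example.invalid/a.crl": NOW + timedelta(days=30),     # far from expiry
    "http://crl.example.invalid/b.crl": NOW + timedelta(minutes=30),  # about to expire
    "http://crl.example.invalid/c.crl": NOW - timedelta(days=2),      # expired, not stale
    "ldap://dir.example.invalid/d": NOW - timedelta(days=11),         # past stale period
}

if __name__ == "__main__":
    # One hour of overlap is an arbitrary value chosen for the example.
    for url, action in plan_cache(SAMPLE_CACHE, NOW, 3600).items():
        print(f"{action:8} {url}")
```

An entry in the "refresh" state that cannot be fetched stays expired in the cache until the stale period removes it, which is why the refresh is meant to run on a schedule.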


FILES
       /var/db/crls/crlcache.db System CRL cache database

SEE ALSO
       cron(8)



Apple Computer, Inc.            April 13, 2004                   CRLREFRESH(1)