1 |
.\" "@(#)$Id$" |
2 |
.\" |
3 |
.\" |
4 |
.TH CLEAN-CRL 8 local "Trust Anchor Utilities" |
5 |
.SH NAME |
6 |
clean-crl \- remove orphaned CRL like files from a certificate directory |
7 |
.SH SYNOPSIS |
8 |
.ll +8 |
9 |
.B clean-crl |
10 |
.RB [ \-l\ crlpath ] |
11 |
.RB [ \-v ] |
12 |
.RB [ \-V ] |
13 |
.RB [ \-n ] |
14 |
.RB [ \-h ] |
15 |
.ll -8 |
16 |
.SH DESCRIPTION |
17 |
The |
18 |
.I clean-crl |
19 |
utility will remove CRL like files named |
20 |
.IR hash .r n |
21 |
from the directory specified with the |
22 |
.B \-l |
23 |
option if there is no corresponding |
24 |
.RI . n |
25 |
file in the same. |
26 |
In effect, if the directory is solely used to hold CA certificates |
27 |
in the common OpenSSL format, it will thus remove CRL files for |
28 |
which the corresponding CA does not or no longer exists in the |
29 |
directory. |
30 |
|
31 |
.SH OPTIONS |
32 |
.TP |
33 |
.B \-h --help |
34 |
Show help text. |
35 |
.TP |
36 |
.B \-l --cadir metadata-directory |
37 |
The script will search this directory for files with the |
38 |
suffix |
39 |
.RI .r i . |
40 |
There is no default - a common choice is /etc/pki/tls/certs, |
41 |
/etc/openldap/cacerts, or /etc/grid-security/certificates. |
42 |
|
43 |
.TP |
44 |
.B \-V --version |
45 |
Display version number (same as corresponding fetch-crl) |
46 |
|
47 |
.TP |
48 |
.B \-v --verbose |
49 |
Verbose mode |
50 |
|
51 |
.TP |
52 |
.B \-n --dryrun |
53 |
Do not actually remove any files (useful primarily with -v) |
54 |
|
55 |
.SH CONFIGURATION |
56 |
None. |
57 |
|
58 |
.SH NOTES |
59 |
This tool does not check the contents of the files removed, and will |
60 |
blindly unlink any file which even remotely looks like an OpenSSL CRL |
61 |
file. Use with extreme caution. |
62 |
|
63 |
.SH "SEE ALSO" |
64 |
fetch-crl(8), openssl(1), |
65 |
http://wiki.nikhef.nl/grid/FetchCRL3 |
66 |
|
67 |
.SH "DIAGNOSTICS" |
68 |
Exit status is normally 0; |
69 |
if an error occurs, exit status is 1 and diagnostics will be written |
70 |
to standard error. |
71 |
|
72 |
.SH LICENSE |
73 |
Licensed under the Apache License, Version 2.0 (the "License"); |
74 |
|
75 |
.B http://www.apache.org/licenses/LICENSE-2.0 |
76 |
|
77 |
.SH BUGS |
78 |
Does not check the contents of the files removed. |
79 |
|