scion-pki certificate validate¶
Validate a SCION cert according to its type
‘validate’ checks if the certificate is valid and of the specified type.
In case the ‘any’ type is specified, this command attempts to identify what type a certificate is and validates it accordingly. The identified type is stated in the output.
By default, the command does not check that the certificate is in its validity period. This can be enabled by specifying the –check-time flag.
scion-pki certificate validate [flags]
scion-pki certificate validate --type cp-root /tmp/certs/cp-root.crt scion-pki certificate validate --type any /tmp/certs/cp-root.crt
--check-time Check that the certificate covers the current time. --current-time time The time that needs to be covered by the certificate. Can either be a timestamp or an offset. If the value is a timestamp, it is expected to either be an RFC 3339 formatted timestamp or a unix timestamp. If the value is a duration, it is used as the offset from the current time. (default 0s) -h, --help help for validate --type string type of cert (any|chain|cp-as|cp-ca|cp-root|regular-voting|sensitive-voting) (required)