scion-pki certificate verify

Verify a certificate chain

Synopsis

‘verify’ verifies the certificate chains based on a trusted TRC.

The chain must be a PEM bundle with the AS certificate first, and the CA certificate second.

The ISD-AS property of the subject identified by the certificate (or in the case of a certificate chain, the leaf certificate) can be validated by specifying the --subject-isd-as flag and the expected ISD-AS value.

scion-pki certificate verify [flags]

Examples

scion-pki certificate verify --trc ISD1-B1-S1.trc,ISD1-B1-S2.trc ISD1-ASff00_0_110.pem
scion-pki certificate verify --trc ISD1-*.trc ISD1-ASff00_0_110.pem

Options

    --currenttime int         Optional unix timestamp that sets the current time
-h, --help                    help for verify
    --subject-isd-as string   ISD-AS property of the subject of the certificate
    --trc strings             Comma-separated list of trusted TRC files or glob patterns. If more than two TRCs are specified,
                               only up to two active TRCs with the highest Base version are used (required)

SEE ALSO

• scion-pki certificate - Manage certificates for the SCION control plane PKI.

• scion-pki certificate verify ca - Verify a CA certificate