validatecertificate
Use the SignClient validatecertificate command to request a certificate to be validated by the specified service.
Usage
usage: signclient validatecertificate <options>-cert <cert-file> Path to certificate file (DER or PEM)(Required).-certpurposes <certpurposes> A ',' separated string containing requested certificate purposes.-der Certificate is in DER format.-help Display this info.-hosts <hosts> A ',' separated string containing the hostnames of the validation service nodes. Ex 'host1.someorg.org,host2.someorg.org'. When using the HTTP protocol, only one host name can be specified. (Required).-pem Certificate is in PEM format (Default).-port <port> Remote port of service (Default is 8080 or 8442 for SSL).-protocol <protocol> Protocol to use, either WEBSERVICES or HTTP. Default: WEBSERVICES.-service <service-name> The name or ID of the validation service to process request. (Required)-silent Don't produce any output, only return value.-truststore <jks-file> Path to JKS truststore containing trusted CA for SSL Server certificates.-truststorepwd <password> Password to unlock the truststore. The following values are returned by the program that can be used when scripting: -2 : Error happened during execution-1 : Bad arguments 0 : Certificate is valid 1 : Certificate is revoked 2 : Certificate is not yet valid 3 : Certificate have expired 4 : Certificate doesn't verify 5 : CA Certificate have been revoked 6 : CA Certificate is not yet valid 7 : CA Certificate have expired 8 : Certificate have no valid certificate purpose Sample Usages
a) validatecertificate -service CertValidationWorker -hosts localhost -cert certificate.pemb) validatecertificate -service 5806 -hosts localhost -cert certificate.pem -truststore p12/truststore.jks -truststorepwd changeitc) validatecertificate -service CertValidationWorker -hosts localhost -cert certificate.pem -protocol HTTP