Usage: vfychain [options] [revocation options] certfile [[options] certfile] ... Where options are: -a Following certfile is base64 encoded -b YYMMDDHHMMZ Validate date (default: now) -d directory Database directory -i number of consecutive verifications -f Enable cert fetching from AIA URL -o oid Set policy OID for cert validation(Format OID.1.2.3) -p Use PKIX Library to validate certificate by calling: * CERT_VerifyCertificate if specified once, * CERT_PKIXVerifyCert if specified twice and more. -r Following certfile is raw binary DER (default) -t Following cert is explicitly trusted (overrides db trust). -u usage 0=SSL client, 1=SSL server, 2=SSL StepUp, 3=SSL CA, 4=Email signer, 5=Email recipient, 6=Object signer, 9=ProtectedObjectSigner, 10=OCSP responder, 11=Any CA -T Trust both explicit trust anchors (-t) and the database. (Default is to only trust certificates marked -t, if there are any, or to trust the database if there are certificates marked -t.) -v Verbose mode. Prints root cert subject(double the argument for whole root cert info) -w password Database password. -W pwfile Password file. Revocation options for PKIX API(invoked with -pp options) is a collection of the following flags: [-g type [-h flags] [-m type [-s flags]] ...] ... Where: -g test type Sets status checking test type. Possible values are "leaf" or "chain" -h test flags Sets revocation flags for the test type it follows. Possible flags: "testLocalInfoFirst" and "requireFreshInfo". -m method type Sets method type for the test type it follows. Possible types are "crl" and "ocsp". -s method flags Sets revocation flags for the method it follows. Possible types are "doNotUse", "forbidFetching", "ignoreDefaultSrc", "requireInfo" and "failIfNoInfo".

Usage: vfychain [options] [revocation options] certfile [[options] certfile] ... Where options are: -a Following certfile is base64 encoded -b YYMMDDHHMMZ Validate date (default: now) -d directory Database directory -i number of consecutive verifications -f Enable cert fetching from AIA URL -o oid Set policy OID for cert validation(Format OID.1.2.3) -p Use PKIX Library to validate certificate by calling: * CERT_VerifyCertificate if specified once, * CERT_PKIXVerifyCert if specified twice and more. -r Following certfile is raw binary DER (default) -t Following cert is explicitly trusted (overrides db trust). -u usage 0=SSL client, 1=SSL server, 2=SSL StepUp, 3=SSL CA, 4=Email signer, 5=Email recipient, 6=Object signer, 9=ProtectedObjectSigner, 10=OCSP responder, 11=Any CA -T Trust both explicit trust anchors (-t) and the database. (Default is to only trust certificates marked -t, if there are any, or to trust the database if there are certificates marked -t.) -v Verbose mode. Prints root cert subject(double the argument for whole root cert info) -w password Database password. -W pwfile Password file. Revocation options for PKIX API(invoked with -pp options) is a collection of the following flags: [-g type [-h flags] [-m type [-s flags]] ...] ... Where: -g test type Sets status checking test type. Possible values are "leaf" or "chain" -h test flags Sets revocation flags for the test type it follows. Possible flags: "testLocalInfoFirst" and "requireFreshInfo". -m method type Sets method type for the test type it follows. Possible types are "crl" and "ocsp". -s method flags Sets revocation flags for the method it follows. Possible types are "doNotUse", "forbidFetching", "ignoreDefaultSrc", "requireInfo" and "failIfNoInfo".