From ac291206e86f4d39e1820bbb746612c9018383b6 Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos Date: Wed, 5 Apr 2017 08:32:48 +0200 Subject: certtool: added examples on verifying certificates Signed-off-by: Nikos Mavrogiannopoulos --- src/certtool-args.def | 20 +++++++++++++++++--- 1 file changed, 17 insertions(+), 3 deletions(-) diff --git a/src/certtool-args.def b/src/certtool-args.def index 8cf1ab7be9..6aea3f2562 100644 --- a/src/certtool-args.def +++ b/src/certtool-args.def @@ -640,12 +640,26 @@ $ certtool --load-ca-certificate ca.pem \ --to-p12 --outder --outfile key.p12 @end example -@subheading Diffie-Hellman parameter generation -To generate parameters for Diffie-Hellman key exchange, use the command: +@subheading Obtaining Diffie-Hellman parameters +To obtain the RFC7919 parameters for Diffie-Hellman key exchange, use the command: @example -$ certtool --generate-dh-params --outfile dh.pem --sec-param medium +$ certtool --get-dh-params --outfile dh.pem --sec-param medium @end example +@subheading Verifying a certificate +To verify a certificate in a file against the system's CA trust store +use the following command: +@example +$ certtool --verify --infile cert.pem +@end example + +It is also possible to simulate hostname verification with the following +options: +@example +$ certtool --verify --verify-hostname www.example.com --infile cert.pem +@end example + + @subheading Proxy certificate generation Proxy certificate can be used to delegate your credential to a temporary, typically short-lived, certificate. To create one from the -- cgit v1.2.1
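Review bot: The Diffie-Hellman part of this hunk (the subheading renamed to "Obtaining Diffie-Hellman parameters" and the example switched from --generate-dh-params to --get-dh-params) is not covered by the subject line, which only mentions certificate verification examples. Either split it into its own commit or mention it in the message, since it removes the only visible example of --generate-dh-params from this section. In the new "Verifying a certificate" text, "simulate hostname verification" is vague: say plainly what is checked against www.example.com and whether this is in addition to the trust-store check from the first example. It would also help to state whether cert.pem is expected to hold only the end-entity certificate or the full chain. Minor points: "RFC7919" reads better as "RFC 7919", and the hunk adds two blank lines before "@subheading Proxy certificate generation" where one would match the rest of the file.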