Dirmngr makes use of several directories when running in daemon mode. There are a few configuration files which control the operation of dirmngr. By default they may all be found in the current home directory (see option --homedir).
SIGHUP however not all options will actually have an effect. This default name may be changed on the command line (see option --options). You should back up this file.
Usually these are the same certificates you use with the applications making use of dirmngr. It is expected that each of these certificate files contains exactly one DER encoded certificate in a file with the suffix .crt or .der. dirmngr reads those certificates on startup and when given a SIGHUP. Certificates which are not readable or do not make up a proper X.509 certificate are ignored; see the log file for details.
Applications using dirmngr (e.g. gpgsm) can request these certificates to complete a trust chain in the same way as with the extra-certs directory (see below).
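A pre-flight check for the one-DER-certificate-per-file rule described above, as an added example (not part of the GnuPG documentation or code): it reports files that would fall outside the stated requirements because of a wrong suffix, unreadable content, PEM instead of DER encoding, trailing data after the first certificate, or a structure that is not shaped like an X.509 Certificate. It is a structural check only, the function names are this example's own, and the certificate directory is assumed to be passed as the first argument.

```python
import sys
from pathlib import Path

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) for the DER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                      # short form: length in one byte
        length = first
    else:                                 # long form: next n bytes hold the length
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("bad length encoding")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("element runs past end of data")
    return tag, pos, pos + length

def check_cert_file(path):
    """Return None if the file looks like one DER certificate, else a reason."""
    path = Path(path)
    if path.suffix not in (".crt", ".der"):
        return "suffix is not .crt or .der"
    try:
        data = path.read_bytes()
    except OSError as exc:
        return f"not readable: {exc.strerror}"
    if data.lstrip().startswith(b"-----BEGIN"):
        return "PEM encoded, not DER"
    try:
        tag, start, end = read_tlv(data, 0)
        if tag != 0x30:
            return "outer element is not a SEQUENCE"
        if end != len(data):
            return "trailing data after the first certificate"
        tags = []
        while start < end:                # walk the top-level children only
            t, _, start = read_tlv(data, start)
            tags.append(t)
    except ValueError as exc:
        return f"malformed DER: {exc}"
    # Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signatureValue }
    if tags != [0x30, 0x30, 0x03]:
        return "not a Certificate structure"
    return None

if __name__ == "__main__":
    for f in sorted(Path(sys.argv[1]).iterdir()):
        print(f"{f.name}: {check_cert_file(f) or 'ok'}")
```

A file that passes here can still be rejected by dirmngr, since no signature, validity or extension checks are made; the log file remains the authoritative record of what was loaded.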
Note that for OCSP responses the certificate specified using the option --ocsp-signer is always considered valid to sign OCSP requests.
To be able to see what's going on you should create the configuration file ~/gnupg/dirmngr.conf with at least one line:
To be able to perform OCSP requests you probably want to add the line:
To make sure that new options are read and that after the installation of a new GnuPG version the installed dirmngr is running, you may want to kill an existing dirmngr first:
gpgconf --kill dirmngr
You may check the log file to see whether all desired root certificates have been loaded correctly.