CRL
Section: OpenSSL (1)
Updated: 2021-03-26
Page Index
NAME
openssl-crl, crl - CRL utility
SYNOPSIS
openssl crl
[
-help]
[
-inform PEM|DER]
[
-outform PEM|DER]
[
-text]
[
-in filename]
[
-out filename]
[
-nameopt option]
[
-noout]
[
-hash]
[
-issuer]
[
-lastupdate]
[
-nextupdate]
[
-CAfile file]
[
-CApath dir]
DESCRIPTION
The
crl command processes
CRL files in
DER or
PEM format.
OPTIONS
- -help
-
Print out a usage message.
- -inform DER|PEM
-
This specifies the input format. DER format is DER encoded CRL
structure. PEM (the default) is a base64 encoded version of
the DER form with header and footer lines.
- -outform DER|PEM
-
This specifies the output format, the options have the same meaning and default
as the -inform option.
- -in filename
-
This specifies the input filename to read from or standard input if this
option is not specified.
- -out filename
-
Specifies the output filename to write to or standard output by
default.
- -text
-
Print out the CRL in text form.
- -nameopt option
-
Option which determines how the subject or issuer names are displayed. See
the description of -nameopt in x509(1).
- -noout
-
Don't output the encoded version of the CRL.
- -hash
-
Output a hash of the issuer name. This can be use to lookup CRLs in
a directory by issuer name.
- -hash_old
-
Outputs the ``hash'' of the CRL issuer name using the older algorithm
as used by OpenSSL before version 1.0.0.
- -issuer
-
Output the issuer name.
- -lastupdate
-
Output the lastUpdate field.
- -nextupdate
-
Output the nextUpdate field.
- -CAfile file
-
Verify the signature on a CRL by looking up the issuing certificate in
file.
- -CApath dir
-
Verify the signature on a CRL by looking up the issuing certificate in
dir. This directory must be a standard certificate directory: that
is a hash of each subject name (using x509 -hash) should be linked
to each certificate.
NOTES
The
PEM CRL format uses the header and footer lines:
-----BEGIN X509 CRL-----
-----END X509 CRL-----
EXAMPLES
Convert a
CRL file from
PEM to
DER:
openssl crl -in crl.pem -outform DER -out crl.der
Output the text form of a DER encoded certificate:
openssl crl -in crl.der -inform DER -text -noout
BUGS
Ideally it should be possible to create a
CRL using appropriate options
and files too.
SEE ALSO
crl2pkcs7(1),
ca(1),
x509(1)
COPYRIGHT
Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the ``License''). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
<https://www.openssl.org/source/license.html>.