1CRL(1) OpenSSL CRL(1)
2
3
4
6 crl - CRL utility
7
9 openssl crl [-inform PEM|DER] [-outform PEM|DER] [-text] [-in filename]
10 [-out filename] [-nameopt option] [-noout] [-hash] [-issuer]
11 [-lastupdate] [-nextupdate] [-CAfile file] [-CApath dir]
12
14 The crl command processes CRL files in DER or PEM format.
15
17 -inform DER|PEM
18 This specifies the input format. DER format is DER encoded CRL
19 structure. PEM (the default) is a base64 encoded version of the DER
20 form with header and footer lines.
21
22 -outform DER|PEM
23 This specifies the output format, the options have the same meaning
24 as the -inform option.
25
26 -in filename
27 This specifies the input filename to read from or standard input if
28 this option is not specified.
29
30 -out filename
31 specifies the output filename to write to or standard output by
32 default.
33
34 -text
35 print out the CRL in text form.
36
37 -nameopt option
38 option which determines how the subject or issuer names are
39 displayed. See the description of -nameopt in x509(1).
40
41 -noout
42 don't output the encoded version of the CRL.
43
44 -hash
45 output a hash of the issuer name. This can be use to lookup CRLs in
46 a directory by issuer name.
47
48 -hash_old
49 outputs the "hash" of the CRL issuer name using the older algorithm
50 as used by OpenSSL versions before 1.0.0.
51
52 -issuer
53 output the issuer name.
54
55 -lastupdate
56 output the lastUpdate field.
57
58 -nextupdate
59 output the nextUpdate field.
60
61 -CAfile file
62 verify the signature on a CRL by looking up the issuing certificate
63 in file
64
65 -CApath dir
66 verify the signature on a CRL by looking up the issuing certificate
67 in dir. This directory must be a standard certificate directory:
68 that is a hash of each subject name (using x509 -hash) should be
69 linked to each certificate.
70
72 The PEM CRL format uses the header and footer lines:
73
74 -----BEGIN X509 CRL-----
75 -----END X509 CRL-----
76
78 Convert a CRL file from PEM to DER:
79
80 openssl crl -in crl.pem -outform DER -out crl.der
81
82 Output the text form of a DER encoded certificate:
83
84 openssl crl -in crl.der -text -noout
85
87 Ideally it should be possible to create a CRL using appropriate options
88 and files too.
89
91 crl2pkcs7(1), ca(1), x509(1)
92
93
94
951.0.2k 2017-01-26 CRL(1)