1CRL(1)                              OpenSSL                             CRL(1)
2
3
4

NAME

6       crl - CRL utility
7

SYNOPSIS

9       openssl crl [-inform PEM|DER] [-outform PEM|DER] [-text] [-in filename]
10       [-out filename] [-nameopt option] [-noout] [-hash] [-issuer]
11       [-lastupdate] [-nextupdate] [-CAfile file] [-CApath dir]
12

DESCRIPTION

14       The crl command processes CRL files in DER or PEM format.
15

COMMAND OPTIONS

17       -inform DER|PEM
18           This specifies the input format. DER format is DER encoded CRL
19           structure. PEM (the default) is a base64 encoded version of the DER
20           form with header and footer lines.
21
22       -outform DER|PEM
23           This specifies the output format, the options have the same meaning
24           as the -inform option.
25
26       -in filename
27           This specifies the input filename to read from or standard input if
28           this option is not specified.
29
30       -out filename
31           specifies the output filename to write to or standard output by
32           default.
33
34       -text
35           print out the CRL in text form.
36
37       -nameopt option
38           option which determines how the subject or issuer names are
39           displayed. See the description of -nameopt in x509(1).
40
41       -noout
42           don't output the encoded version of the CRL.
43
44       -hash
45           output a hash of the issuer name. This can be use to lookup CRLs in
46           a directory by issuer name.
47
48       -hash_old
49           outputs the "hash" of the CRL issuer name using the older algorithm
50           as used by OpenSSL versions before 1.0.0.
51
52       -issuer
53           output the issuer name.
54
55       -lastupdate
56           output the lastUpdate field.
57
58       -nextupdate
59           output the nextUpdate field.
60
61       -CAfile file
62           verify the signature on a CRL by looking up the issuing certificate
63           in file
64
65       -CApath dir
66           verify the signature on a CRL by looking up the issuing certificate
67           in dir. This directory must be a standard certificate directory:
68           that is a hash of each subject name (using x509 -hash) should be
69           linked to each certificate.
70

NOTES

72       The PEM CRL format uses the header and footer lines:
73
74        -----BEGIN X509 CRL-----
75        -----END X509 CRL-----
76

EXAMPLES

78       Convert a CRL file from PEM to DER:
79
80        openssl crl -in crl.pem -outform DER -out crl.der
81
82       Output the text form of a DER encoded certificate:
83
84        openssl crl -in crl.der -text -noout
85

BUGS

87       Ideally it should be possible to create a CRL using appropriate options
88       and files too.
89

SEE ALSO

91       crl2pkcs7(1), ca(1), x509(1)
92
93
94
951.0.2k                            2017-01-26                            CRL(1)
Impressum