1CRL(1) OpenSSL CRL(1)
2
6 crl - CRL utility
7
9 openssl crl [-inform PEM|DER] [-outform PEM|DER] [-text] [-in filename]
10 [-out filename] [-noout] [-hash] [-issuer] [-lastupdate] [-nextupdate]
11 [-CAfile file] [-CApath dir]
12
14 The crl command processes CRL files in DER or PEM format.
15
17 -inform DER|PEM
18 This specifies the input format. DER format is DER encoded CRL
19 structure. PEM (the default) is a base64 encoded version of the DER
20 form with header and footer lines.
21 -outform DER|PEM
23 This specifies the output format, the options have the same meaning
24 as the -inform option.
25 -in filename
27 This specifies the input filename to read from or standard input if
28 this option is not specified.
29 -out filename
31 specifies the output filename to write to or standard output by
32 default.
33 -text
35 print out the CRL in text form.
36 -noout
38 don't output the encoded version of the CRL.
39 -hash
41 output a hash of the issuer name. This can be use to lookup CRLs in
42 a directory by issuer name.
43 -issuer
45 output the issuer name.
46 -lastupdate
48 output the lastUpdate field.
49 -nextupdate
51 output the nextUpdate field.
52 -CAfile file
54 verify the signature on a CRL by looking up the issuing certificate
55 in file
56 -CApath dir
58 verify the signature on a CRL by looking up the issuing certificate
59 in dir. This directory must be a standard certificate directory:
60 that is a hash of each subject name (using x509 -hash) should be
61 linked to each certificate.
62
64 The PEM CRL format uses the header and footer lines:
65 -----BEGIN X509 CRL-----
67 -----END X509 CRL-----
68
70 Convert a CRL file from PEM to DER:
71 openssl crl -in crl.pem -outform DER -out crl.der
73 Output the text form of a DER encoded certificate:
75 openssl crl -in crl.der -text -noout
77
79 Ideally it should be possible to create a CRL using appropriate options
80 and files too.
81
83 crl2pkcs7(1), ca(1), x509(1)
841.0.1e 2013-02-11 CRL(1)