1PrettyPrintCrl(1) PKI CRL Print Tool PrettyPrintCrl(1)
2
3
4
6 PrettyPrintCrl - reads a certificate revocation list (CRL) stored in an
7 ASCII base-64 encoded file and outputs it in a readable format.
8
9
11 PrettyPrintCrl input-file [output-file]
12
13
15 The PrettyPrintCrl command provides a command-line utility used to
16 print the contents of a CRL stored as ASCII base-64 encoded data in a
17 file to a readable format. The output of this command is displayed to
18 standard output, but can be optionally saved into a specified file.
19
20
22 <input-file>
23 Mandatory. Specifies the path to the file that contains the ASCII
24 base-64 encoded CRL.
25
26
27 <output-file>
28 Optional. Specifies the path to the file to write the CRL.
29 If the output file is not specified, the CRL information is written
30 to the standard output.
31
32
34 The following example PrettyPrintCrl command takes the ASCII base-64
35 encoded CRL in the ascii_data.crl file and writes the CRL in the
36 pretty-print format to the output file crl.out:
37
38
39 $ PrettyPrintCrl ascii_data.crl crl.out
40
41
42
43 For this example, the base-64 encoded CRL data in the ascii_data.crl
44 looks like the following:
45
46
47 -----BEGIN X509 CRL-----
48 MIICVDCCATwCAQEwDQYJKoZIhvcNAQELBQAwTjErMCkGA1UECgwidXNlcnN5cy5y
49 ZWRoYXQuY29tIFNlY3VyaXR5IERvbWFpbjEfMB0GA1UEAwwWQ0EgU2lnbmluZyBD
50 ZXJ0aWZpY2F0ZRcNMTYwNzIyMjExMjUwWhcNMTYwNzIyMjMwMDAwWjCBiDAgAgEK
51 Fw0xNjA3MjIyMDU1MTZaMAwwCgYDVR0VBAMKAQYwIAIBCRcNMTYwNzIyMjEwMTU2
52 WjAMMAoGA1UdFQQDCgEGMCACAQgXDTE2MDcyMjIxMTIyNVowDDAKBgNVHRUEAwoB
53 ATAgAgEHFw0xNjA3MjIyMTAxNTZaMAwwCgYDVR0VBAMKAQagLzAtMB8GA1UdIwQY
54 MBaAFLs2mF1ly4jghyM3b1v3r4uK67q1MAoGA1UdFAQDAgEKMA0GCSqGSIb3DQEB
55 CwUAA4IBAQCjnwpdLVU4sg3GnOFQiHpBuWspevzj0poHQs9b4Uv17o0MC4irftkR
56 zRBVgwLvdSd5WFEUSbhWVjhS4o4w84BXdmti/+UBS+mOVNxiKqs3Z7Fxcg+mCsiH
57 SDWT3iiqZVqlPMOKDzIQGj4XeArSBK13qjNdwKzVJZlXYfwzdDtyVKBJcoETXGZ3
58 irU8RTXo7OhO6xKDAaHjzVVynjfGdIDaavl1fjwXFufwZBeiXm1zyyFSvDUdny4G
59 29NTmM2945jCESeR7DV2q1LHG/v2rzCOKTWdPdXTPCics05KzUA4S6X+mp051wkh
60 yJM2LYpV6lKV6JiczHLrgf5QcqfwSkTX
61 -----END X509 CRL-----
62
63
64
65 The CRL in pretty-print format in the crl.out file looks like the fol‐
66 lowing:
67
68
69 Certificate Revocation List:
70 Data:
71 Version: v2
72 Signature Algorithm: SHA256withRSA - 1.2.840.113549.1.1.11
73 Issuer: CN=CA Signing Certificate,O=example.com Security Domain
74 This Update: Friday, July 22, 2016 3:12:50 PM MDT America/Denver
75 Next Update: Friday, July 22, 2016 5:00:00 PM MDT America/Denver
76 Revoked Certificates:
77 Serial Number: 0xA
78 Revocation Date: Friday, July 22, 2016 2:55:16 PM MDT America/Denver
79 Extensions:
80 Identifier: Revocation Reason - 2.5.29.21
81 Critical: no
82 Reason: CA_Compromise
83 Serial Number: 0x9
84 Revocation Date: Friday, July 22, 2016 3:01:56 PM MDT America/Denver
85 Extensions:
86 Identifier: Revocation Reason - 2.5.29.21
87 Critical: no
88 Reason: Affiliation_Changed
89 Serial Number: 0x8
90 Revocation Date: Friday, July 22, 2016 3:12:25 PM MDT America/Denver
91 Extensions:
92 Identifier: Revocation Reason - 2.5.29.21
93 Critical: no
94 Reason: Key_Compromise
95 Serial Number: 0x7
96 Revocation Date: Friday, July 22, 2016 3:01:56 PM MDT America/Denver
97 Extensions:
98 Identifier: Revocation Reason - 2.5.29.21
99 Critical: no
100 Reason: Certificate_Hold
101 Extensions:
102 Identifier: Authority Key Identifier - 2.5.29.35
103 Critical: no
104 Key Identifier:
105 BB:36:98:5D:65:CB:88:E0:87:23:37:6F:5B:F7:AF:8B:
106 8A:EB:BA:B5
107 Identifier: CRL Number - 2.5.29.20
108 Critical: no
109 Number: 10
110 Signature:
111 Algorithm: SHA256withRSA - 1.2.840.113549.1.1.11
112 Signature:
113 A3:9F:0A:5D:2D:55:38:B2:0D:C6:9C:E1:50:88:7A:41:
114 B9:6B:29:7A:FC:E3:D2:9A:07:42:CF:5B:E1:4B:F5:EE:
115 8D:0C:0B:88:AB:7E:D9:11:CD:10:55:83:02:EF:75:27:
116 79:58:51:14:49:B8:56:56:38:52:E2:8E:30:F3:80:57:
117 76:6B:62:FF:E5:01:4B:E9:8E:54:DC:62:2A:AB:37:67:
118 B1:71:72:0F:A6:0A:C8:87:48:35:93:DE:28:AA:65:5A:
119 A5:3C:C3:8A:0F:32:10:1A:3E:17:78:0A:D2:04:AD:77:
120 AA:33:5D:C0:AC:D5:25:99:57:61:FC:33:74:3B:72:54:
121 A0:49:72:81:13:5C:66:77:8A:B5:3C:45:35:E8:EC:E8:
122 4E:EB:12:83:01:A1:E3:CD:55:72:9E:37:C6:74:80:DA:
123 6A:F9:75:7E:3C:17:16:E7:F0:64:17:A2:5E:6D:73:CB:
124 21:52:BC:35:1D:9F:2E:06:DB:D3:53:98:CD:BD:E3:98:
125 C2:11:27:91:EC:35:76:AB:52:C7:1B:FB:F6:AF:30:8E:
126 29:35:9D:3D:D5:D3:3C:28:9C:B3:4E:4A:CD:40:38:4B:
127 A5:FE:9A:9D:39:D7:09:21:C8:93:36:2D:8A:55:EA:52:
128 95:E8:98:9C:CC:72:EB:81:FE:50:72:A7:F0:4A:44:D7
129
130
131
133 PrettyPrintCert(1), pki(1)
134
135
137 Matthew Harmsen <mharmsen@redhat.com>.
138
139
141 Copyright (c) 2016 Red Hat, Inc. This is licensed under the GNU Gen‐
142 eral Public License, version 2 (GPLv2). A copy of this license is
143 available at http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.
144
145
146
147PKI July 20, 2016 PrettyPrintCrl(1)