DOC HOME SITE MAP MAN PAGES GNU INFO SEARCH PRINT BOOK
 

/usr/man/cat.1/openssl-crl.1(/usr/man/cat.1/openssl-crl.1)



CRL(1)                       OpenSSL                       CRL(1)

NAME

     openssl-crl, crl - CRL utility

SYNOPSIS

     openssl crl [-inform PEM|DER] [-outform PEM|DER] [-text]
     [-in filename] [-out filename] [-nameopt option] [-noout]
     [-hash] [-issuer] [-lastupdate] [-nextupdate] [-CAfile file]
     [-CApath dir]

DESCRIPTION

     The crl command processes CRL files in DER or PEM format.

COMMAND OPTIONS

     -inform DER|PEM
         This specifies the input format. DER format is DER
         encoded CRL structure. PEM (the default) is a base64
         encoded version of the DER form with header and footer
         lines.

     -outform DER|PEM
         This specifies the output format, the options have the
         same meaning as the -inform option.

     -in filename
         This specifies the input filename to read from or
         standard input if this option is not specified.

     -out filename
         specifies the output filename to write to or standard
         output by default.

     -text
         print out the CRL in text form.

     -nameopt option
         option which determines how the subject or issuer names
         are displayed. See the description of -nameopt in
         x509(1).

     -noout
         don't output the encoded version of the CRL.

     -hash
         output a hash of the issuer name. This can be use to
         lookup CRLs in a directory by issuer name.

     -hash_old
         outputs the "hash" of the CRL issuer name using the
         older algorithm as used by OpenSSL versions before
         1.0.0.

     -issuer

1.0.2t               Last change: 2019-09-10                    1

CRL(1)                       OpenSSL                       CRL(1)

         output the issuer name.

     -lastupdate
         output the lastUpdate field.

     -nextupdate
         output the nextUpdate field.

     -CAfile file
         verify the signature on a CRL by looking up the issuing
         certificate in file

     -CApath dir
         verify the signature on a CRL by looking up the issuing
         certificate in dir. This directory must be a standard
         certificate directory: that is a hash of each subject
         name (using x509 -hash) should be linked to each
         certificate.

NOTES

     The PEM CRL format uses the header and footer lines:

      -----BEGIN X509 CRL-----
      -----END X509 CRL-----

EXAMPLES

     Convert a CRL file from PEM to DER:

      openssl crl -in crl.pem -outform DER -out crl.der

     Output the text form of a DER encoded certificate:

      openssl crl -in crl.der -inform DER -text -noout

BUGS

     Ideally it should be possible to create a CRL using
     appropriate options and files too.

SEE ALSO

     crl2pkcs7(1), ca(1), x509(1)

1.0.2t               Last change: 2019-09-10                    2

See also crl(1)
Man(1) output converted with man2html