crl • man page

crl (1)

Leading comments

Automatically generated by Pod::Man 4.07 (Pod::Simple 3.32)

Standard preamble:
========================================================================

(The comments found at the beginning of the groff file "man1/crl.1ssl".)

NAME

crl - CRL utility

SYNOPSIS

openssl crl [-inform PEM|DER] [-outform PEM|DER] [-text] [-in filename] [-out filename] [-nameopt option] [-noout] [-hash] [-issuer] [-lastupdate] [-nextupdate] [-CAfile file] [-CApath dir]

DESCRIPTION

The crl command processes

CRL

files in

DER

PEM

format.

COMMAND OPTIONS

-inform DER|PEM: This specifies the input format.
DER
format is
DER
encoded
CRL
structure.
PEM
(the default) is a base64 encoded version of the
DER
form with header and footer lines.
-outform DER|PEM: This specifies the output format, the options have the same meaning as the -inform option.
-in filename: This specifies the input filename to read from or standard input if this option is not specified.
-out filename: specifies the output filename to write to or standard output by default.
-text: print out the
CRL
in text form.
-nameopt option: option which determines how the subject or issuer names are displayed. See the description of -nameopt in x509(1).
-noout: don't output the encoded version of the
CRL.
-hash: output a hash of the issuer name. This can be use to lookup CRLs in a directory by issuer name.
-hash_old: outputs the ``hash'' of the
CRL
issuer name using the older algorithm as used by OpenSSL versions before 1.0.0.
-issuer: output the issuer name.
-lastupdate: output the lastUpdate field.
-nextupdate: output the nextUpdate field.
-CAfile file: verify the signature on a
CRL
by looking up the issuing certificate in file
-CApath dir: verify the signature on a
CRL
by looking up the issuing certificate in dir. This directory must be a standard certificate directory: that is a hash of each subject name (using x509 -hash) should be linked to each certificate.

NOTES

The

PEM CRL

format uses the header and footer lines:

 -----BEGIN X509 CRL-----
 -----END X509 CRL-----

EXAMPLES

Convert a

CRL

file from

PEM

DER:

 openssl crl -in crl.pem -outform DER -out crl.der

Output the text form of a

DER

encoded certificate:

 openssl crl -in crl.der -text -noout

BUGS

Ideally it should be possible to create a

CRL

using appropriate options and files too.

crl • man page

crl • man page

crl (1)

Leading comments

NAME

SYNOPSIS

DESCRIPTION

COMMAND OPTIONS

NOTES

EXAMPLES

BUGS

SEE ALSO

Man Section

extra • Version

extra • Source

extra • Book

References

Referenced By