CRL(1) OpenSSL CRL(1)

NAME

crl - CRL utility

LIBRARY

libcrypto, -lcrypto

SYNOPSIS

openssl crl [ -inform PEM|DER] [ -outform PEM|DER] [ -text] [ -in filename] [ -out filename] [ -noout] [ -hash] [ -issuer] [ -lastupdate] [ -nextupdate] [ -CAfile file] [ -CApath dir]

DESCRIPTION

The crl command processes CRL files in DER or PEM format.

COMMAND OPTIONS

-inform DER|PEM This specifies the input format. DER format is DER encoded CRL structure. PEM (the default) is a base64 encoded version of the DER form with header and footer lines.

-outform DER|PEM This specifies the output format, the options have the same meaning as the -inform option.

-in filename This specifies the input filename to read from or standard input if this option is not specified.

-out filename specifies the output filename to write to or standard output by default.

-text print out the CRL in text form.

-noout don't output the encoded version of the CRL.

-hash output a hash of the issuer name. This can be use to lookup CRLs in a directory by issuer name.

-issuer output the issuer name.

-lastupdate output the lastUpdate field.

-nextupdate output the nextUpdate field.

-CAfile file verify the signature on a CRL by looking up the issuing certificate in file

-CApath dir verify the signature on a CRL by looking up the issuing certificate in dir. This directory must be a standard certificate directory: that is a hash of each subject name (using x509 -hash) should be linked to each certificate.

NOTES

The PEM CRL format uses the header and footer lines:

-----BEGIN X509 CRL----- -----END X509 CRL-----

EXAMPLES

Convert a CRL file from PEM to DER:

openssl crl -in crl.pem -outform DER -out crl.der

Output the text form of a DER encoded certificate:

openssl crl -in crl.der -text -noout

BUGS

Ideally it should be possible to create a CRL using appropriate options and files too.

SEE ALSO

openssl_crl2pkcs7(1), openssl_ca(1), openssl_x509(1)
July 20, 2009 1.0.1-dev