CRL(1) | OpenSSL | CRL(1) |
-inform DER|PEM | This specifies the input format. DER format is DER encoded CRL structure. PEM (the default) is a base64 encoded version of the DER form with header and footer lines. |
-outform DER|PEM | This specifies the output format, the options have the same meaning as the -inform option. |
-in filename | This specifies the input filename to read from or standard input if this option is not specified. |
-out filename | specifies the output filename to write to or standard output by default. |
-text | print out the CRL in text form. |
-noout | don't output the encoded version of the CRL. |
-hash | output a hash of the issuer name. This can be use to lookup CRLs in a directory by issuer name. |
-issuer | output the issuer name. |
-lastupdate | output the lastUpdate field. |
-nextupdate | output the nextUpdate field. |
-CAfile file | verify the signature on a CRL by looking up the issuing certificate in file |
-CApath dir | verify the signature on a CRL by looking up the issuing certificate in dir. This directory must be a standard certificate directory: that is a hash of each subject name (using x509 -hash) should be linked to each certificate. |
-----BEGIN X509 CRL----- -----END X509 CRL-----
openssl crl -in crl.pem -outform DER -out crl.der
Output the text form of a DER encoded certificate:
openssl crl -in crl.der -text -noout
July 20, 2009 | 1.0.1-dev |