crl.pod revision 264331
1=pod 2 3=head1 NAME 4 5crl - CRL utility 6 7=head1 SYNOPSIS 8 9B<openssl> B<crl> 10[B<-inform PEM|DER>] 11[B<-outform PEM|DER>] 12[B<-text>] 13[B<-in filename>] 14[B<-out filename>] 15[B<-noout>] 16[B<-hash>] 17[B<-issuer>] 18[B<-lastupdate>] 19[B<-nextupdate>] 20[B<-CAfile file>] 21[B<-CApath dir>] 22 23=head1 DESCRIPTION 24 25The B<crl> command processes CRL files in DER or PEM format. 26 27=head1 COMMAND OPTIONS 28 29=over 4 30 31=item B<-inform DER|PEM> 32 33This specifies the input format. B<DER> format is DER encoded CRL 34structure. B<PEM> (the default) is a base64 encoded version of 35the DER form with header and footer lines. 36 37=item B<-outform DER|PEM> 38 39This specifies the output format, the options have the same meaning as the 40B<-inform> option. 41 42=item B<-in filename> 43 44This specifies the input filename to read from or standard input if this 45option is not specified. 46 47=item B<-out filename> 48 49specifies the output filename to write to or standard output by 50default. 51 52=item B<-text> 53 54print out the CRL in text form. 55 56=item B<-noout> 57 58don't output the encoded version of the CRL. 59 60=item B<-hash> 61 62output a hash of the issuer name. This can be use to lookup CRLs in 63a directory by issuer name. 64 65=item B<-hash_old> 66 67outputs the "hash" of the CRL issuer name using the older algorithm 68as used by OpenSSL versions before 1.0.0. 69 70=item B<-issuer> 71 72output the issuer name. 73 74=item B<-lastupdate> 75 76output the lastUpdate field. 77 78=item B<-nextupdate> 79 80output the nextUpdate field. 81 82=item B<-CAfile file> 83 84verify the signature on a CRL by looking up the issuing certificate in 85B<file> 86 87=item B<-CApath dir> 88 89verify the signature on a CRL by looking up the issuing certificate in 90B<dir>. This directory must be a standard certificate directory: that 91is a hash of each subject name (using B<x509 -hash>) should be linked 92to each certificate. 93 94=back 95 96=head1 NOTES 97 98The PEM CRL format uses the header and footer lines: 99 100 -----BEGIN X509 CRL----- 101 -----END X509 CRL----- 102 103=head1 EXAMPLES 104 105Convert a CRL file from PEM to DER: 106 107 openssl crl -in crl.pem -outform DER -out crl.der 108 109Output the text form of a DER encoded certificate: 110 111 openssl crl -in crl.der -text -noout 112 113=head1 BUGS 114 115Ideally it should be possible to create a CRL using appropriate options 116and files too. 117 118=head1 SEE ALSO 119 120L<crl2pkcs7(1)|crl2pkcs7(1)>, L<ca(1)|ca(1)>, L<x509(1)|x509(1)> 121 122=cut 123