crl.pod revision 264331 
1=pod
2
3=head1 NAME
4
5crl - CRL utility
6
7=head1 SYNOPSIS
8
9B<openssl> B<crl>
10[B<-inform PEM|DER>]
11[B<-outform PEM|DER>]
12[B<-text>]
13[B<-in filename>]
14[B<-out filename>]
15[B<-noout>]
16[B<-hash>]
17[B<-issuer>]
18[B<-lastupdate>]
19[B<-nextupdate>]
20[B<-CAfile file>]
21[B<-CApath dir>]
22
23=head1 DESCRIPTION
24
25The B<crl> command processes CRL files in DER or PEM format.
26
27=head1 COMMAND OPTIONS
28
29=over 4
30
31=item B<-inform DER|PEM>
32
33This specifies the input format. B<DER> format is DER encoded CRL
34structure. B<PEM> (the default) is a base64 encoded version of
35the DER form with header and footer lines.
36
37=item B<-outform DER|PEM>
38
39This specifies the output format, the options have the same meaning as the 
40B<-inform> option.
41
42=item B<-in filename>
43
44This specifies the input filename to read from or standard input if this
45option is not specified.
46
47=item B<-out filename>
48
49specifies the output filename to write to or standard output by
50default.
51
52=item B<-text>
53
54print out the CRL in text form.
55
56=item B<-noout>
57
58don't output the encoded version of the CRL.
59
60=item B<-hash>
61
62output a hash of the issuer name. This can be use to lookup CRLs in
63a directory by issuer name.
64
65=item B<-hash_old>
66
67outputs the "hash" of the CRL issuer name using the older algorithm
68as used by OpenSSL versions before 1.0.0.
69
70=item B<-issuer>
71
72output the issuer name.
73
74=item B<-lastupdate>
75
76output the lastUpdate field.
77
78=item B<-nextupdate>
79
80output the nextUpdate field.
81
82=item B<-CAfile file>
83
84verify the signature on a CRL by looking up the issuing certificate in
85B<file>
86
87=item B<-CApath dir>
88
89verify the signature on a CRL by looking up the issuing certificate in
90B<dir>. This directory must be a standard certificate directory: that
91is a hash of each subject name (using B<x509 -hash>) should be linked
92to each certificate.
93
94=back
95
96=head1 NOTES
97
98The PEM CRL format uses the header and footer lines:
99
100 -----BEGIN X509 CRL-----
101 -----END X509 CRL-----
102
103=head1 EXAMPLES
104
105Convert a CRL file from PEM to DER:
106
107 openssl crl -in crl.pem -outform DER -out crl.der
108
109Output the text form of a DER encoded certificate:
110
111 openssl crl -in crl.der -text -noout
112
113=head1 BUGS
114
115Ideally it should be possible to create a CRL using appropriate options
116and files too.
117
118=head1 SEE ALSO
119
120L<crl2pkcs7(1)|crl2pkcs7(1)>, L<ca(1)|ca(1)>, L<x509(1)|x509(1)>
121
122=cut
123