crl.pod revision 279264 
1=pod
2
3=head1 NAME
4
5crl - CRL utility
6
7=head1 SYNOPSIS
8
9B<openssl> B<crl>
10[B<-inform PEM|DER>]
11[B<-outform PEM|DER>]
12[B<-text>]
13[B<-in filename>]
14[B<-out filename>]
15[B<-nameopt option>]
16[B<-noout>]
17[B<-hash>]
18[B<-issuer>]
19[B<-lastupdate>]
20[B<-nextupdate>]
21[B<-CAfile file>]
22[B<-CApath dir>]
23
24=head1 DESCRIPTION
25
26The B<crl> command processes CRL files in DER or PEM format.
27
28=head1 COMMAND OPTIONS
29
30=over 4
31
32=item B<-inform DER|PEM>
33
34This specifies the input format. B<DER> format is DER encoded CRL
35structure. B<PEM> (the default) is a base64 encoded version of
36the DER form with header and footer lines.
37
38=item B<-outform DER|PEM>
39
40This specifies the output format, the options have the same meaning as the 
41B<-inform> option.
42
43=item B<-in filename>
44
45This specifies the input filename to read from or standard input if this
46option is not specified.
47
48=item B<-out filename>
49
50specifies the output filename to write to or standard output by
51default.
52
53=item B<-text>
54
55print out the CRL in text form.
56
57=item B<-nameopt option>
58
59option which determines how the subject or issuer names are displayed. See
60the description of B<-nameopt> in L<x509(1)|x509(1)>.
61
62=item B<-noout>
63
64don't output the encoded version of the CRL.
65
66=item B<-hash>
67
68output a hash of the issuer name. This can be use to lookup CRLs in
69a directory by issuer name.
70
71=item B<-hash_old>
72
73outputs the "hash" of the CRL issuer name using the older algorithm
74as used by OpenSSL versions before 1.0.0.
75
76=item B<-issuer>
77
78output the issuer name.
79
80=item B<-lastupdate>
81
82output the lastUpdate field.
83
84=item B<-nextupdate>
85
86output the nextUpdate field.
87
88=item B<-CAfile file>
89
90verify the signature on a CRL by looking up the issuing certificate in
91B<file>
92
93=item B<-CApath dir>
94
95verify the signature on a CRL by looking up the issuing certificate in
96B<dir>. This directory must be a standard certificate directory: that
97is a hash of each subject name (using B<x509 -hash>) should be linked
98to each certificate.
99
100=back
101
102=head1 NOTES
103
104The PEM CRL format uses the header and footer lines:
105
106 -----BEGIN X509 CRL-----
107 -----END X509 CRL-----
108
109=head1 EXAMPLES
110
111Convert a CRL file from PEM to DER:
112
113 openssl crl -in crl.pem -outform DER -out crl.der
114
115Output the text form of a DER encoded certificate:
116
117 openssl crl -in crl.der -text -noout
118
119=head1 BUGS
120
121Ideally it should be possible to create a CRL using appropriate options
122and files too.
123
124=head1 SEE ALSO
125
126L<crl2pkcs7(1)|crl2pkcs7(1)>, L<ca(1)|ca(1)>, L<x509(1)|x509(1)>
127
128=cut
129