SYNOPSIS
openssl crl
[
DESCRIPTION
The crl command processes CRL files in DER or PEM format.
Options
-help -
Print out a usage message.
-inform DER|PEM-
This specifies the input format. DER format is DER encoded CRL structure. PEM (the default) is a base64 encoded version of the DER form with header and footer lines.
-outform DER|PEM-
specifies the output format, the options have the same meaning and default as the
-inform option. -in filename-
specifies the input file name to read from or standard input if this option is not specified.
-out filename-
specifies the output file name to write to or standard output by default.
-text -
print out the CRL in text form.
-nameopt option-
option which determines how the subject or issuer names are displayed. See the description of -nameopt in x509.
-noout -
does not output the encoded version of the CRL.
-hash -
outputs a hash of the issuer name. This can be use to lookup CRLs in a directory by issuer name.
-hash_old -
outputs the "hash" of the CRL issuer name using the older algorithm as used by OpenSSL versions before 1.0.0.
-issuer -
outputs the issuer name.
-lastupdate -
outputs the lastUpdate field.
-nextupdate -
outputs the nextUpdate field.
-CAfile file-
verifies the signature on a CRL by looking up the issuing certificate in file.
-CApath dir-
verify the signature on a CRL by looking up the issuing certificate in dir. This directory must be a standard certificate directory: that is a hash of each subject name (using x509
-hash ) should be linked to each certificate.
NOTES
The PEM CRL format uses the header and footer lines:
-----BEGIN X509 CRL----- -----END X509 CRL-----
EXAMPLES
Convert a CRL file from PEM to DER:
openssl crl -in crl.pem -outform DER -out crl.der
Output the text form of a DER encoded certificate:
openssl crl -in crl.der -inform DER -text -noout
BUGS
Ideally it should be possible to create a CRL using appropriate options and files too.
COPYRIGHT
Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or here: OpenSSL.
AVAILABILITY
PTC MKS Toolkit for System Administrators
PTC MKS Toolkit for Developers
PTC MKS Toolkit for Interoperability
PTC MKS Toolkit for Professional Developers
PTC MKS Toolkit for Professional Developers 64-Bit Edition
PTC MKS Toolkit for Enterprise Developers
PTC MKS Toolkit for Enterprise Developers 64-Bit Edition
SEE ALSO
- Commands:
- openssl ca, openssl crl2pkcs7, openssl x509
PTC MKS Toolkit 10.4 Documentation Build 39.