openssl crl

CRL utility 

openssl command

SYNOPSIS

openssl crl [-help] [-inform PEM|DER] [-outform PEM|DER] [-key filename] [-keyform PEM|DER] [-dateopt] [-text] [-in filename] [-out filename] [-gendelta filename] [-badsig] [-verify] [-noout] [-hash] [-hash_old] [-fingerprint] [-crlnumber] [-issuer] [-lastupdate] [-nextupdate] [-nameopt option] [-CAfile file] [-no-CAfile] [-CApath dir] [-no-CApath] [-CAstore uri] [-no-CAstore] [-provider name] [-provider-path path] [-propquery propq]

DESCRIPTION

The crl command processes CRL files in DER or PEM format.

Options

-help 

Print out a usage message.

-inform DER|PEM 

The CRL input format; unspecified by defailt. See openssl format-options for details.

-outform DER|PEM 

The CRL output format; unspecified by defailt. See openssl format-options for details.

-key filename 

The private key to be used to sign the CRL.

-keyform DER|PEM 

The format of the private key file; unspecified by default. See openssl format-options for details.

-in filename 

specifies the input file name to read from or standard input if this option is not specified.

-out filename 

specifies the output file name to write to or standard output by default.

-gendelta filename 

Output a comparison of the main CRL and the one specified here.

-gendelta 

Corrupt the signature before writing it; this can be useful for testing.

-dateopt 

Specify the date format output. Values are: rfc_822 and iso_8601. Defaults to rfc_822.

-text 

print out the CRL in text form.

-verify 

Verify the signature in the CRL.

-noout 

does not output the encoded version of the CRL.

-fingerprint 

Output the fingerprint of the CRL.

-crlnumber 

Output the number of the CRL.

-hash 

outputs a hash of the issuer name. This can be use to lookup CRLs in a directory by issuer name.

-hash_old 

outputs the "hash" of the CRL issuer name using the older algorithm as used by OpenSSL versions before 1.0.0.

-issuer 

outputs the issuer name.

-lastupdate 

outputs the lastUpdate field.

-nextupdate 

outputs the nextUpdate field.

-nameopt option 

This specifies how the subject or issuer names are displayed. See openssl namedisplay-options for details.

-CAfile file 
-no-CAfile 
-CApath dir 
-no-CApath 
-CAstore uri 
-no-CAstore 

See openssl verification-options for details.

-provider name 
-provider-path path 
-propquery propq 

See Provider Options in openssl for details.

EXAMPLES

Convert a CRL file from PEM to DER: 

openssl crl -in crl.pem -outform DER -out crl.der

Output the text form of a DER encoded certificate: 

openssl crl -in crl.der -text -noout

BUGS

Ideally it should be possible to create a CRL using appropriate options and files too.

COPYRIGHT

Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or here: OpenSSL.

AVAILABILITY

PTC MKS Toolkit for System Administrators
PTC MKS Toolkit for Developers
PTC MKS Toolkit for Interoperability
PTC MKS Toolkit for Professional Developers
PTC MKS Toolkit for Professional Developers 64-Bit Edition
PTC MKS Toolkit for Enterprise Developers
PTC MKS Toolkit for Enterprise Developers 64-Bit Edition

SEE ALSO

Commands:
openssl ca, openssl crl2pkcs7, openssl x509

PTC MKS Toolkit 10.5 Documentation Build 40.