159191Skris=pod
259191Skris
359191Skris=head1 NAME
459191Skris
559191Skriscrl - CRL utility
659191Skris
759191Skris=head1 SYNOPSIS
859191Skris
959191SkrisB<openssl> B<crl>
1059191Skris[B<-inform PEM|DER>]
1159191Skris[B<-outform PEM|DER>]
1259191Skris[B<-text>]
1359191Skris[B<-in filename>]
1459191Skris[B<-out filename>]
15269686Sjkim[B<-nameopt option>]
1659191Skris[B<-noout>]
1759191Skris[B<-hash>]
1859191Skris[B<-issuer>]
1959191Skris[B<-lastupdate>]
2059191Skris[B<-nextupdate>]
2159191Skris[B<-CAfile file>]
2259191Skris[B<-CApath dir>]
2359191Skris
2459191Skris=head1 DESCRIPTION
2559191Skris
2659191SkrisThe B<crl> command processes CRL files in DER or PEM format.
2759191Skris
2859191Skris=head1 COMMAND OPTIONS
2959191Skris
3059191Skris=over 4
3159191Skris
3259191Skris=item B<-inform DER|PEM>
3359191Skris
3459191SkrisThis specifies the input format. B<DER> format is DER encoded CRL
3559191Skrisstructure. B<PEM> (the default) is a base64 encoded version of
3659191Skristhe DER form with header and footer lines.
3759191Skris
3859191Skris=item B<-outform DER|PEM>
3959191Skris
4059191SkrisThis specifies the output format, the options have the same meaning as the 
4159191SkrisB<-inform> option.
4259191Skris
4359191Skris=item B<-in filename>
4459191Skris
4559191SkrisThis specifies the input filename to read from or standard input if this
4659191Skrisoption is not specified.
4759191Skris
4859191Skris=item B<-out filename>
4959191Skris
5059191Skrisspecifies the output filename to write to or standard output by
5159191Skrisdefault.
5259191Skris
5359191Skris=item B<-text>
5459191Skris
5559191Skrisprint out the CRL in text form.
5659191Skris
57269686Sjkim=item B<-nameopt option>
58269686Sjkim
59269686Sjkimoption which determines how the subject or issuer names are displayed. See
60269686Sjkimthe description of B<-nameopt> in L<x509(1)|x509(1)>.
61269686Sjkim
6259191Skris=item B<-noout>
6359191Skris
6459191Skrisdon't output the encoded version of the CRL.
6559191Skris
6659191Skris=item B<-hash>
6759191Skris
6859191Skrisoutput a hash of the issuer name. This can be use to lookup CRLs in
6959191Skrisa directory by issuer name.
7059191Skris
71264331Sjkim=item B<-hash_old>
72264331Sjkim
73264331Sjkimoutputs the "hash" of the CRL issuer name using the older algorithm
74264331Sjkimas used by OpenSSL versions before 1.0.0.
75264331Sjkim
7659191Skris=item B<-issuer>
7759191Skris
7859191Skrisoutput the issuer name.
7959191Skris
8059191Skris=item B<-lastupdate>
8159191Skris
8259191Skrisoutput the lastUpdate field.
8359191Skris
8459191Skris=item B<-nextupdate>
8559191Skris
8659191Skrisoutput the nextUpdate field.
8759191Skris
8859191Skris=item B<-CAfile file>
8959191Skris
9059191Skrisverify the signature on a CRL by looking up the issuing certificate in
9159191SkrisB<file>
9259191Skris
9359191Skris=item B<-CApath dir>
9459191Skris
9559191Skrisverify the signature on a CRL by looking up the issuing certificate in
9659191SkrisB<dir>. This directory must be a standard certificate directory: that
9759191Skrisis a hash of each subject name (using B<x509 -hash>) should be linked
9859191Skristo each certificate.
9959191Skris
10059191Skris=back
10159191Skris
10259191Skris=head1 NOTES
10359191Skris
10459191SkrisThe PEM CRL format uses the header and footer lines:
10559191Skris
10659191Skris -----BEGIN X509 CRL-----
10759191Skris -----END X509 CRL-----
10859191Skris
10959191Skris=head1 EXAMPLES
11059191Skris
11159191SkrisConvert a CRL file from PEM to DER:
11259191Skris
11359191Skris openssl crl -in crl.pem -outform DER -out crl.der
11459191Skris
11559191SkrisOutput the text form of a DER encoded certificate:
11659191Skris
11759191Skris openssl crl -in crl.der -text -noout
11859191Skris
11959191Skris=head1 BUGS
12059191Skris
12159191SkrisIdeally it should be possible to create a CRL using appropriate options
12259191Skrisand files too.
12359191Skris
12459191Skris=head1 SEE ALSO
12559191Skris
12659191SkrisL<crl2pkcs7(1)|crl2pkcs7(1)>, L<ca(1)|ca(1)>, L<x509(1)|x509(1)>
12759191Skris
12859191Skris=cut
129