159191Skris=pod 259191Skris 359191Skris=head1 NAME 459191Skris 559191Skriscrl - CRL utility 659191Skris 759191Skris=head1 SYNOPSIS 859191Skris 959191SkrisB<openssl> B<crl> 1059191Skris[B<-inform PEM|DER>] 1159191Skris[B<-outform PEM|DER>] 1259191Skris[B<-text>] 1359191Skris[B<-in filename>] 1459191Skris[B<-out filename>] 15269686Sjkim[B<-nameopt option>] 1659191Skris[B<-noout>] 1759191Skris[B<-hash>] 1859191Skris[B<-issuer>] 1959191Skris[B<-lastupdate>] 2059191Skris[B<-nextupdate>] 2159191Skris[B<-CAfile file>] 2259191Skris[B<-CApath dir>] 2359191Skris 2459191Skris=head1 DESCRIPTION 2559191Skris 2659191SkrisThe B<crl> command processes CRL files in DER or PEM format. 2759191Skris 2859191Skris=head1 COMMAND OPTIONS 2959191Skris 3059191Skris=over 4 3159191Skris 3259191Skris=item B<-inform DER|PEM> 3359191Skris 3459191SkrisThis specifies the input format. B<DER> format is DER encoded CRL 3559191Skrisstructure. B<PEM> (the default) is a base64 encoded version of 3659191Skristhe DER form with header and footer lines. 3759191Skris 3859191Skris=item B<-outform DER|PEM> 3959191Skris 4059191SkrisThis specifies the output format, the options have the same meaning as the 4159191SkrisB<-inform> option. 4259191Skris 4359191Skris=item B<-in filename> 4459191Skris 4559191SkrisThis specifies the input filename to read from or standard input if this 4659191Skrisoption is not specified. 4759191Skris 4859191Skris=item B<-out filename> 4959191Skris 5059191Skrisspecifies the output filename to write to or standard output by 5159191Skrisdefault. 5259191Skris 5359191Skris=item B<-text> 5459191Skris 5559191Skrisprint out the CRL in text form. 5659191Skris 57269686Sjkim=item B<-nameopt option> 58269686Sjkim 59269686Sjkimoption which determines how the subject or issuer names are displayed. See 60269686Sjkimthe description of B<-nameopt> in L<x509(1)|x509(1)>. 61269686Sjkim 6259191Skris=item B<-noout> 6359191Skris 6459191Skrisdon't output the encoded version of the CRL. 6559191Skris 6659191Skris=item B<-hash> 6759191Skris 6859191Skrisoutput a hash of the issuer name. This can be use to lookup CRLs in 6959191Skrisa directory by issuer name. 7059191Skris 71264331Sjkim=item B<-hash_old> 72264331Sjkim 73264331Sjkimoutputs the "hash" of the CRL issuer name using the older algorithm 74264331Sjkimas used by OpenSSL versions before 1.0.0. 75264331Sjkim 7659191Skris=item B<-issuer> 7759191Skris 7859191Skrisoutput the issuer name. 7959191Skris 8059191Skris=item B<-lastupdate> 8159191Skris 8259191Skrisoutput the lastUpdate field. 8359191Skris 8459191Skris=item B<-nextupdate> 8559191Skris 8659191Skrisoutput the nextUpdate field. 8759191Skris 8859191Skris=item B<-CAfile file> 8959191Skris 9059191Skrisverify the signature on a CRL by looking up the issuing certificate in 9159191SkrisB<file> 9259191Skris 9359191Skris=item B<-CApath dir> 9459191Skris 9559191Skrisverify the signature on a CRL by looking up the issuing certificate in 9659191SkrisB<dir>. This directory must be a standard certificate directory: that 9759191Skrisis a hash of each subject name (using B<x509 -hash>) should be linked 9859191Skristo each certificate. 9959191Skris 10059191Skris=back 10159191Skris 10259191Skris=head1 NOTES 10359191Skris 10459191SkrisThe PEM CRL format uses the header and footer lines: 10559191Skris 10659191Skris -----BEGIN X509 CRL----- 10759191Skris -----END X509 CRL----- 10859191Skris 10959191Skris=head1 EXAMPLES 11059191Skris 11159191SkrisConvert a CRL file from PEM to DER: 11259191Skris 11359191Skris openssl crl -in crl.pem -outform DER -out crl.der 11459191Skris 11559191SkrisOutput the text form of a DER encoded certificate: 11659191Skris 11759191Skris openssl crl -in crl.der -text -noout 11859191Skris 11959191Skris=head1 BUGS 12059191Skris 12159191SkrisIdeally it should be possible to create a CRL using appropriate options 12259191Skrisand files too. 12359191Skris 12459191Skris=head1 SEE ALSO 12559191Skris 12659191SkrisL<crl2pkcs7(1)|crl2pkcs7(1)>, L<ca(1)|ca(1)>, L<x509(1)|x509(1)> 12759191Skris 12859191Skris=cut 129