crl.pod revision 340704 
1=pod
2
3=head1 NAME
4
5openssl-crl,
6crl - CRL utility
7
8=head1 SYNOPSIS
9
10B<openssl> B<crl>
11[B<-inform PEM|DER>]
12[B<-outform PEM|DER>]
13[B<-text>]
14[B<-in filename>]
15[B<-out filename>]
16[B<-nameopt option>]
17[B<-noout>]
18[B<-hash>]
19[B<-issuer>]
20[B<-lastupdate>]
21[B<-nextupdate>]
22[B<-CAfile file>]
23[B<-CApath dir>]
24
25=head1 DESCRIPTION
26
27The B<crl> command processes CRL files in DER or PEM format.
28
29=head1 COMMAND OPTIONS
30
31=over 4
32
33=item B<-inform DER|PEM>
34
35This specifies the input format. B<DER> format is DER encoded CRL
36structure. B<PEM> (the default) is a base64 encoded version of
37the DER form with header and footer lines.
38
39=item B<-outform DER|PEM>
40
41This specifies the output format, the options have the same meaning as the 
42B<-inform> option.
43
44=item B<-in filename>
45
46This specifies the input filename to read from or standard input if this
47option is not specified.
48
49=item B<-out filename>
50
51specifies the output filename to write to or standard output by
52default.
53
54=item B<-text>
55
56print out the CRL in text form.
57
58=item B<-nameopt option>
59
60option which determines how the subject or issuer names are displayed. See
61the description of B<-nameopt> in L<x509(1)|x509(1)>.
62
63=item B<-noout>
64
65don't output the encoded version of the CRL.
66
67=item B<-hash>
68
69output a hash of the issuer name. This can be use to lookup CRLs in
70a directory by issuer name.
71
72=item B<-hash_old>
73
74outputs the "hash" of the CRL issuer name using the older algorithm
75as used by OpenSSL versions before 1.0.0.
76
77=item B<-issuer>
78
79output the issuer name.
80
81=item B<-lastupdate>
82
83output the lastUpdate field.
84
85=item B<-nextupdate>
86
87output the nextUpdate field.
88
89=item B<-CAfile file>
90
91verify the signature on a CRL by looking up the issuing certificate in
92B<file>
93
94=item B<-CApath dir>
95
96verify the signature on a CRL by looking up the issuing certificate in
97B<dir>. This directory must be a standard certificate directory: that
98is a hash of each subject name (using B<x509 -hash>) should be linked
99to each certificate.
100
101=back
102
103=head1 NOTES
104
105The PEM CRL format uses the header and footer lines:
106
107 -----BEGIN X509 CRL-----
108 -----END X509 CRL-----
109
110=head1 EXAMPLES
111
112Convert a CRL file from PEM to DER:
113
114 openssl crl -in crl.pem -outform DER -out crl.der
115
116Output the text form of a DER encoded certificate:
117
118 openssl crl -in crl.der -inform DER -text -noout
119
120=head1 BUGS
121
122Ideally it should be possible to create a CRL using appropriate options
123and files too.
124
125=head1 SEE ALSO
126
127L<crl2pkcs7(1)|crl2pkcs7(1)>, L<ca(1)|ca(1)>, L<x509(1)|x509(1)>
128
129=cut
130