crl.pod revision 340704
1=pod 2 3=head1 NAME 4 5openssl-crl, 6crl - CRL utility 7 8=head1 SYNOPSIS 9 10B<openssl> B<crl> 11[B<-inform PEM|DER>] 12[B<-outform PEM|DER>] 13[B<-text>] 14[B<-in filename>] 15[B<-out filename>] 16[B<-nameopt option>] 17[B<-noout>] 18[B<-hash>] 19[B<-issuer>] 20[B<-lastupdate>] 21[B<-nextupdate>] 22[B<-CAfile file>] 23[B<-CApath dir>] 24 25=head1 DESCRIPTION 26 27The B<crl> command processes CRL files in DER or PEM format. 28 29=head1 COMMAND OPTIONS 30 31=over 4 32 33=item B<-inform DER|PEM> 34 35This specifies the input format. B<DER> format is DER encoded CRL 36structure. B<PEM> (the default) is a base64 encoded version of 37the DER form with header and footer lines. 38 39=item B<-outform DER|PEM> 40 41This specifies the output format, the options have the same meaning as the 42B<-inform> option. 43 44=item B<-in filename> 45 46This specifies the input filename to read from or standard input if this 47option is not specified. 48 49=item B<-out filename> 50 51specifies the output filename to write to or standard output by 52default. 53 54=item B<-text> 55 56print out the CRL in text form. 57 58=item B<-nameopt option> 59 60option which determines how the subject or issuer names are displayed. See 61the description of B<-nameopt> in L<x509(1)|x509(1)>. 62 63=item B<-noout> 64 65don't output the encoded version of the CRL. 66 67=item B<-hash> 68 69output a hash of the issuer name. This can be use to lookup CRLs in 70a directory by issuer name. 71 72=item B<-hash_old> 73 74outputs the "hash" of the CRL issuer name using the older algorithm 75as used by OpenSSL versions before 1.0.0. 76 77=item B<-issuer> 78 79output the issuer name. 80 81=item B<-lastupdate> 82 83output the lastUpdate field. 84 85=item B<-nextupdate> 86 87output the nextUpdate field. 88 89=item B<-CAfile file> 90 91verify the signature on a CRL by looking up the issuing certificate in 92B<file> 93 94=item B<-CApath dir> 95 96verify the signature on a CRL by looking up the issuing certificate in 97B<dir>. This directory must be a standard certificate directory: that 98is a hash of each subject name (using B<x509 -hash>) should be linked 99to each certificate. 100 101=back 102 103=head1 NOTES 104 105The PEM CRL format uses the header and footer lines: 106 107 -----BEGIN X509 CRL----- 108 -----END X509 CRL----- 109 110=head1 EXAMPLES 111 112Convert a CRL file from PEM to DER: 113 114 openssl crl -in crl.pem -outform DER -out crl.der 115 116Output the text form of a DER encoded certificate: 117 118 openssl crl -in crl.der -inform DER -text -noout 119 120=head1 BUGS 121 122Ideally it should be possible to create a CRL using appropriate options 123and files too. 124 125=head1 SEE ALSO 126 127L<crl2pkcs7(1)|crl2pkcs7(1)>, L<ca(1)|ca(1)>, L<x509(1)|x509(1)> 128 129=cut 130