crl.pod revision 279265
1=pod 2 3=head1 NAME 4 5crl - CRL utility 6 7=head1 SYNOPSIS 8 9B<openssl> B<crl> 10[B<-inform PEM|DER>] 11[B<-outform PEM|DER>] 12[B<-text>] 13[B<-in filename>] 14[B<-out filename>] 15[B<-nameopt option>] 16[B<-noout>] 17[B<-hash>] 18[B<-issuer>] 19[B<-lastupdate>] 20[B<-nextupdate>] 21[B<-CAfile file>] 22[B<-CApath dir>] 23 24=head1 DESCRIPTION 25 26The B<crl> command processes CRL files in DER or PEM format. 27 28=head1 COMMAND OPTIONS 29 30=over 4 31 32=item B<-inform DER|PEM> 33 34This specifies the input format. B<DER> format is DER encoded CRL 35structure. B<PEM> (the default) is a base64 encoded version of 36the DER form with header and footer lines. 37 38=item B<-outform DER|PEM> 39 40This specifies the output format, the options have the same meaning as the 41B<-inform> option. 42 43=item B<-in filename> 44 45This specifies the input filename to read from or standard input if this 46option is not specified. 47 48=item B<-out filename> 49 50specifies the output filename to write to or standard output by 51default. 52 53=item B<-text> 54 55print out the CRL in text form. 56 57=item B<-nameopt option> 58 59option which determines how the subject or issuer names are displayed. See 60the description of B<-nameopt> in L<x509(1)|x509(1)>. 61 62=item B<-noout> 63 64don't output the encoded version of the CRL. 65 66=item B<-hash> 67 68output a hash of the issuer name. This can be use to lookup CRLs in 69a directory by issuer name. 70 71=item B<-issuer> 72 73output the issuer name. 74 75=item B<-lastupdate> 76 77output the lastUpdate field. 78 79=item B<-nextupdate> 80 81output the nextUpdate field. 82 83=item B<-CAfile file> 84 85verify the signature on a CRL by looking up the issuing certificate in 86B<file> 87 88=item B<-CApath dir> 89 90verify the signature on a CRL by looking up the issuing certificate in 91B<dir>. This directory must be a standard certificate directory: that 92is a hash of each subject name (using B<x509 -hash>) should be linked 93to each certificate. 94 95=back 96 97=head1 NOTES 98 99The PEM CRL format uses the header and footer lines: 100 101 -----BEGIN X509 CRL----- 102 -----END X509 CRL----- 103 104=head1 EXAMPLES 105 106Convert a CRL file from PEM to DER: 107 108 openssl crl -in crl.pem -outform DER -out crl.der 109 110Output the text form of a DER encoded certificate: 111 112 openssl crl -in crl.der -text -noout 113 114=head1 BUGS 115 116Ideally it should be possible to create a CRL using appropriate options 117and files too. 118 119=head1 SEE ALSO 120 121L<crl2pkcs7(1)|crl2pkcs7(1)>, L<ca(1)|ca(1)>, L<x509(1)|x509(1)> 122 123=cut 124