CRL 1 2000-07-16 0.9.9-dev OpenSSL
NAME
crl - CRL utility
LIBRARY
libcrypto, -lcrypto
SYNOPSIS
ooppeennssssll ccrrll
[--iinnffoorrmm PPEEMM||DDEERR]
[--oouuttffoorrmm PPEEMM||DDEERR]
[--tteexxtt]
[--iinn ffiilleennaammee]
[--oouutt ffiilleennaammee]
[--nnoooouutt]
[--hhaasshh]
[--iissssuueerr]
[--llaassttuuppddaattee]
[--nneexxttuuppddaattee]
[--CCAAffiillee ffiillee]
[--CCAAppaatthh ddiirr]
DESCRIPTION
The ccrrll command processes CRL files in DER or PEM format.
COMMAND OPTIONS
-
--iinnffoorrmm DDEERR||PPEEMM
This specifies the input format. DDEERR format is DER encoded CRL
-
structure. PPEEMM (the default) is a base64 encoded version of
the DER form with header and footer lines.
-
--oouuttffoorrmm DDEERR||PPEEMM
This specifies the output format, the options have the same meaning as the
-
--iinnffoorrmm option.
-
--iinn ffiilleennaammee
This specifies the input filename to read from or standard input if this
-
option is not specified.
-
--oouutt ffiilleennaammee
specifies the output filename to write to or standard output by
-
default.
-
--tteexxtt
print out the CRL in text form.
-
-
--nnoooouutt
don't output the encoded version of the CRL.
-
-
--hhaasshh
output a hash of the issuer name. This can be use to lookup CRLs in
-
a directory by issuer name.
-
--iissssuueerr
output the issuer name.
-
-
--llaassttuuppddaattee
output the lastUpdate field.
-
-
--nneexxttuuppddaattee
output the nextUpdate field.
-
-
--CCAAffiillee ffiillee
verify the signature on a CRL by looking up the issuing certificate in
-
ffiillee
-
--CCAAppaatthh ddiirr
verify the signature on a CRL by looking up the issuing certificate in
-
ddiirr. This directory must be a standard certificate directory: that
is a hash of each subject name (using xx550099 --hhaasshh) should be linked
to each certificate.
NOTES
The PEM CRL format uses the header and footer lines:
-----BEGIN X509 CRL-----
-----END X509 CRL-----
EXAMPLES
Convert a CRL file from PEM to DER:
openssl crl -in crl.pem -outform DER -out crl.der
Output the text form of a DER encoded certificate:
openssl crl -in crl.der -text -noout
BUGS
Ideally it should be possible to create a CRL using appropriate options
and files too.
SEE ALSO
_o_p_e_n_s_s_l___c_r_l_2_p_k_c_s_7(1), _o_p_e_n_s_s_l___c_a(1), _o_p_e_n_s_s_l___x_5_0_9(1)