CRL 1 2000-07-16 0.9.9-dev OpenSSL

NAME

crl - CRL utility

LIBRARY

libcrypto, -lcrypto

SYNOPSIS

ooppeennssssll ccrrll [--iinnffoorrmm PPEEMM||DDEERR] [--oouuttffoorrmm PPEEMM||DDEERR] [--tteexxtt] [--iinn ffiilleennaammee] [--oouutt ffiilleennaammee] [--nnoooouutt] [--hhaasshh] [--iissssuueerr] [--llaassttuuppddaattee] [--nneexxttuuppddaattee] [--CCAAffiillee ffiillee] [--CCAAppaatthh ddiirr]

DESCRIPTION

The ccrrll command processes CRL files in DER or PEM format.

COMMAND OPTIONS

--iinnffoorrmm DDEERR||PPEEMM This specifies the input format. DDEERR format is DER encoded CRL
structure. PPEEMM (the default) is a base64 encoded version of the DER form with header and footer lines.
--oouuttffoorrmm DDEERR||PPEEMM This specifies the output format, the options have the same meaning as the
--iinnffoorrmm option.
--iinn ffiilleennaammee This specifies the input filename to read from or standard input if this
option is not specified.
--oouutt ffiilleennaammee specifies the output filename to write to or standard output by
default.
--tteexxtt print out the CRL in text form.
--nnoooouutt don't output the encoded version of the CRL.
--hhaasshh output a hash of the issuer name. This can be use to lookup CRLs in
a directory by issuer name.
--iissssuueerr output the issuer name.
--llaassttuuppddaattee output the lastUpdate field.
--nneexxttuuppddaattee output the nextUpdate field.
--CCAAffiillee ffiillee verify the signature on a CRL by looking up the issuing certificate in
ffiillee
--CCAAppaatthh ddiirr verify the signature on a CRL by looking up the issuing certificate in
ddiirr. This directory must be a standard certificate directory: that is a hash of each subject name (using xx550099 --hhaasshh) should be linked to each certificate.

NOTES

The PEM CRL format uses the header and footer lines:


 -----BEGIN X509 CRL-----
 -----END X509 CRL-----

EXAMPLES

Convert a CRL file from PEM to DER:


 openssl crl -in crl.pem -outform DER -out crl.der

Output the text form of a DER encoded certificate:


 openssl crl -in crl.der -text -noout

BUGS

Ideally it should be possible to create a CRL using appropriate options and files too.

SEE ALSO

_o_p_e_n_s_s_l___c_r_l_2_p_k_c_s_7(1), _o_p_e_n_s_s_l___c_a(1), _o_p_e_n_s_s_l___x_5_0_9(1)