Chapter 10   Pretty Print CRL Tool


You can use the Pretty Print CRL tool to print the contents of a CRL stored as ASCII base-64-encoded data in a human-readable form.

The chapter has the following sections:

• Availability

• Syntax

• Example

Availability

---

This tool is available for AIX 4.3, OSF/1 v4.0D, Solaris 2.6 (SunOS 5.6), Solaris 8, and Windows NT 4.0.

Syntax

---

To run the Pretty Print CRL tool, type the following command:

PrettyPrintCrl[.bat] <input_file> [<output-file>]

.bat specifies the file extension; this is required only when running the utility on a Windows NT system.

<input_file> specifies the path to the file that contains the base-64 encoded CRL.

<output_file> specifies the path to the file to write the CRL. This argument is optional; if you don't specify an output file, the CRL information is written to the standard output.

Example

---

PrettyPrintCrl.bat C:\test\crl.in C:\test\crl.out

The above command takes the base-64 encoded CRL in the crl.in file and writes the CRL in the pretty-print form to the output file named crl.out.

The base-64 encoded CRL (content of the crl.in file) would look similar to this:

-----BEGIN CRL-----

MIIBkjCBAIBATANBgkqhkiG9w0BAQQFADAsMREwDwYDVQQKEwhOZXRzY2FwZTEXMBUGA1UEA
xMOQ2VydDQwIFRlc3QgQ0EXDTk4MTIxNzIyMzcyNFowgaowIAIBExcNOTgxMjE1MTMxODMyW
jAMMAoGA1UdFQQDCgEBMCACARIXDTk4MTIxNTEzMjA0MlowDDAKBgNVHRUEAwoBAjAgAgERF
w05ODEyMTYxMjUxNTRaMAwwCgYDVR0VBAMKAQEwIAIBEBcNOTgxMjE3MTAzNzI0WjAMMAoGA
1UdFQQDCgEDMCACAQoXDTk4MTEyNTEzMTExOFowDDAKBgNVHRUEAwoBATANBgkqhkiG9w0BQ
QFAAOBgQBCN85O0GPTnHfImYPROvoorx7HyFz2ZsuKsVblTcemsX0NL7DtOa+MyY0pPrkXgm
157JrkxEJ7GBOeogbAS6iFbmeSqPHj8+JBH5stJNnfTCuhaM6Wx63Wc9LwZXOXTPsvpGxq0Y
I0+DPfBZlI3z4lCsNczxJV+9NkeMrheEg==

-----END CRL-----

The CRL in pretty-print form (content of the crl.out file) would look similar to this:

Certificate Revocation List:

   Data:

      Version: v2

      Signature Algorithm: MD5withRSA - 1.2.840.113549.1.1.4

      Issuer: CN=Cert40 Test CA,O=Netscape

      This Update: Thu Dec 17 14:37:24 PST 1998

      Revoked Certificates:

         Serial Number: 0x13
         Revocation Date: Tuesday, December 15, 1998 5:18:32 AM
         Extensions:
            Identifier: Revocation Reason - 2.5.29.21
            Critical: no
            Reason: Key_Compromise

         Serial Number: 0x12
         Revocation Date: Tuesday, December 15, 1998 5:20:42 AM
         Extensions:
            Identifier: Revocation Reason - 2.5.29.21
            Critical: no
            Reason: CA_Compromise

         Serial Number: 0x11
         Revocation Date: Wednesday, December 16, 1998 4:51:54 AM
         Extensions:
            Identifier: Revocation Reason - 2.5.29.21
            Critical: no
            Reason: Key_Compromise

         Serial Number: 0x10
         Revocation Date: Thursday, December 17, 1998 2:37:24 AM
         Extensions:
            Identifier: Revocation Reason - 2.5.29.21
            Critical: no
            Reason: Affiliation_Changed

         Serial Number: 0xA
         Revocation Date: Wednesday, November 25, 1998 5:11:18 AM
         Extensions:
            Identifier: Revocation Reason - 2.5.29.21
            Critical: no
            Reason: Key_Compromise

      Signature:
         Algorithm: MD5withRSA - 1.2.840.113549.1.1.4
         Signature:
            42:37:CE:4E:D0:63:D3:9C:77:C8:99:83:D1:3A:FA:28:
            AF:1E:C7:C8:5C:F6:66:CB:8A:B1:56:E5:4D:C7:A6:B1:
            7D:0D:2F:B0:ED:39:AF:8C:C9:8D:29:3E:B9:17:82:6D:
            79:EC:9A:E4:C4:42:7B:18:13:9E:A2:06:C0:4B:A8:85:
            6E:67:92:A8:F1:E3:F3:E2:41:1F:9B:2D:24:D9:DF:4C:
            2B:A1:68:CE:96:C7:AF:F7:5B:F7:3D:2F:06:57:39:74:
            CF:B2:FA:46:C6:AD:18:60:8D:3E:0C:F7:C1:66:52:37:
            CF:89:42:B0:D7:33:C4:95:7E:F4:D9:1E:32:B8:5E:12: