crl - CRL utility
openssl crl [-inform PEM|DER] [-outform PEM|DER] [-text] [-in filename] [-out filename] [-nameopt option] [-noout] [-hash] [-issuer] [-lastupdate] [-nextupdate] [-CAfile file] [-CApath dir]
CRL(1openssl) OpenSSL CRL(1openssl) NAME openssl-crl, crl - CRL utility SYNOPSIS openssl crl [-inform PEM|DER] [-outform PEM|DER] [-text] [-in filename] [-out filename] [-nameopt option] [-noout] [-hash] [-issuer] [-lastupdate] [-nextupdate] [-CAfile file] [-CApath dir] DESCRIPTION The crl command processes CRL files in DER or PEM format. COMMAND OPTIONS -inform DER|PEM This specifies the input format. DER format is DER encoded CRL structure. PEM (the default) is a base64 encoded version of the DER form with header and footer lines. -outform DER|PEM This specifies the output format, the options have the same meaning as the -inform option. -in filename This specifies the input filename to read from or standard input if this option is not specified. -out filename specifies the output filename to write to or standard output by default. -text print out the CRL in text form. -nameopt option option which determines how the subject or issuer names are displayed. See the description of -nameopt in x509(1). -noout don't output the encoded version of the CRL. -hash output a hash of the issuer name. This can be use to lookup CRLs in a directory by issuer name. -hash_old outputs the "hash" of the CRL issuer name using the older algorithm as used by OpenSSL versions before 1.0.0. -issuer output the issuer name. -lastupdate output the lastUpdate field. -nextupdate output the nextUpdate field. -CAfile file verify the signature on a CRL by looking up the issuing certificate in file -CApath dir verify the signature on a CRL by looking up the issuing certificate in dir. This directory must be a standard certificate directory: that is a hash of each subject name (using x509 -hash) should be linked to each certificate. ATTRIBUTES See attributes(7) for descriptions of the following attributes: +---------------+--------------------------+ |ATTRIBUTE TYPE | ATTRIBUTE VALUE | +---------------+--------------------------+ |Availability | library/security/openssl | +---------------+--------------------------+ |Stability | Pass-through uncommitted | +---------------+--------------------------+ NOTES The PEM CRL format uses the header and footer lines: -----BEGIN X509 CRL----- -----END X509 CRL----- Source code for open source software components in Oracle Solaris can be found at https://www.oracle.com/downloads/opensource/solaris-source- code-downloads.html. This software was built from source available at https://github.com/oracle/solaris-userland. The original community source was downloaded from https://www.openssl.org/source/openssl-1.0.2ze.tar.gz. Further information about this software can be found on the open source community website at https://www.openssl.org/. EXAMPLES Convert a CRL file from PEM to DER: openssl crl -in crl.pem -outform DER -out crl.der Output the text form of a DER encoded certificate: openssl crl -in crl.der -inform DER -text -noout BUGS Ideally it should be possible to create a CRL using appropriate options and files too. SEE ALSO crl2pkcs7(1), ca(1), x509(1) 1.0.2ze 2022-05-03 CRL(1openssl)