crl - CRL utility
openssl crl [-inform PEM|DER] [-outform PEM|DER] [-text] [-in filename] [-out filename] [-nameopt option] [-noout] [-hash] [-issuer] [-lastupdate] [-nextupdate] [-CAfile file] [-CApath dir]
CRL(1openssl) OpenSSL CRL(1openssl)
NAME
openssl-crl, crl - CRL utility
SYNOPSIS
openssl crl [-inform PEM|DER] [-outform PEM|DER] [-text] [-in filename]
[-out filename] [-nameopt option] [-noout] [-hash] [-issuer]
[-lastupdate] [-nextupdate] [-CAfile file] [-CApath dir]
DESCRIPTION
The crl command processes CRL files in DER or PEM format.
COMMAND OPTIONS
-inform DER|PEM
This specifies the input format. DER format is DER encoded CRL
structure. PEM (the default) is a base64 encoded version of the DER
form with header and footer lines.
-outform DER|PEM
This specifies the output format, the options have the same meaning
as the -inform option.
-in filename
This specifies the input filename to read from or standard input if
this option is not specified.
-out filename
specifies the output filename to write to or standard output by
default.
-text
print out the CRL in text form.
-nameopt option
option which determines how the subject or issuer names are
displayed. See the description of -nameopt in x509(1).
-noout
don't output the encoded version of the CRL.
-hash
output a hash of the issuer name. This can be use to lookup CRLs in
a directory by issuer name.
-hash_old
outputs the "hash" of the CRL issuer name using the older algorithm
as used by OpenSSL versions before 1.0.0.
-issuer
output the issuer name.
-lastupdate
output the lastUpdate field.
-nextupdate
output the nextUpdate field.
-CAfile file
verify the signature on a CRL by looking up the issuing certificate
in file
-CApath dir
verify the signature on a CRL by looking up the issuing certificate
in dir. This directory must be a standard certificate directory:
that is a hash of each subject name (using x509 -hash) should be
linked to each certificate.
ATTRIBUTES
See attributes(7) for descriptions of the following attributes:
+---------------+--------------------------+
|ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+---------------+--------------------------+
|Availability | library/security/openssl |
+---------------+--------------------------+
|Stability | Pass-through uncommitted |
+---------------+--------------------------+
NOTES
The PEM CRL format uses the header and footer lines:
-----BEGIN X509 CRL-----
-----END X509 CRL-----
Source code for open source software components in Oracle Solaris can
be found at https://www.oracle.com/downloads/opensource/solaris-source-
code-downloads.html.
This software was built from source available at
https://github.com/oracle/solaris-userland. The original community
source was downloaded from
https://www.openssl.org/source/openssl-1.0.2ze.tar.gz.
Further information about this software can be found on the open source
community website at https://www.openssl.org/.
EXAMPLES
Convert a CRL file from PEM to DER:
openssl crl -in crl.pem -outform DER -out crl.der
Output the text form of a DER encoded certificate:
openssl crl -in crl.der -inform DER -text -noout
BUGS
Ideally it should be possible to create a CRL using appropriate options
and files too.
SEE ALSO
crl2pkcs7(1), ca(1), x509(1)
1.0.2ze 2022-05-03 CRL(1openssl)