Go to main content

man pages section 1: User Commands

Exit Print View

Updated: Thursday, March 14, 2019
 
 

crl (1openssl)

Name

crl - CRL utility

Synopsis

openssl crl [-inform PEM|DER] [-outform PEM|DER] [-text] [-in filename]
[-out filename] [-nameopt option] [-noout] [-hash] [-issuer]
[-lastupdate] [-nextupdate] [-CAfile file] [-CApath dir]

Description

CRL(1openssl)                       OpenSSL                      CRL(1openssl)



NAME
       openssl-crl, crl - CRL utility

SYNOPSIS
       openssl crl [-inform PEM|DER] [-outform PEM|DER] [-text] [-in filename]
       [-out filename] [-nameopt option] [-noout] [-hash] [-issuer]
       [-lastupdate] [-nextupdate] [-CAfile file] [-CApath dir]

DESCRIPTION
       The crl command processes CRL files in DER or PEM format.

COMMAND OPTIONS
       -inform DER|PEM
           This specifies the input format. DER format is DER encoded CRL
           structure. PEM (the default) is a base64 encoded version of the DER
           form with header and footer lines.

       -outform DER|PEM
           This specifies the output format, the options have the same meaning
           as the -inform option.

       -in filename
           This specifies the input filename to read from or standard input if
           this option is not specified.

       -out filename
           specifies the output filename to write to or standard output by
           default.

       -text
           print out the CRL in text form.

       -nameopt option
           option which determines how the subject or issuer names are
           displayed. See the description of -nameopt in x509(1).

       -noout
           don't output the encoded version of the CRL.

       -hash
           output a hash of the issuer name. This can be use to lookup CRLs in
           a directory by issuer name.

       -hash_old
           outputs the "hash" of the CRL issuer name using the older algorithm
           as used by OpenSSL versions before 1.0.0.

       -issuer
           output the issuer name.

       -lastupdate
           output the lastUpdate field.

       -nextupdate
           output the nextUpdate field.

       -CAfile file
           verify the signature on a CRL by looking up the issuing certificate
           in file

       -CApath dir
           verify the signature on a CRL by looking up the issuing certificate
           in dir. This directory must be a standard certificate directory:
           that is a hash of each subject name (using x509 -hash) should be
           linked to each certificate.


ATTRIBUTES
       See attributes(7) for descriptions of the following attributes:


       +---------------+--------------------------+
       |ATTRIBUTE TYPE |     ATTRIBUTE VALUE      |
       +---------------+--------------------------+
       |Availability   | library/security/openssl |
       +---------------+--------------------------+
       |Stability      | Pass-through uncommitted |
       +---------------+--------------------------+
NOTES
       The PEM CRL format uses the header and footer lines:

        -----BEGIN X509 CRL-----
        -----END X509 CRL-----

EXAMPLES
       Convert a CRL file from PEM to DER:

        openssl crl -in crl.pem -outform DER -out crl.der

       Output the text form of a DER encoded certificate:

        openssl crl -in crl.der -text -noout

BUGS
       Ideally it should be possible to create a CRL using appropriate options
       and files too.

SEE ALSO
       crl2pkcs7(1), ca(1), x509(1)


       This software was built from source available at
       https://github.com/oracle/solaris-userland.  The original community
       source was downloaded from
       https://www.openssl.org/source/openssl-1.0.2o.tar.gz

       Further information about this software can be found on the open source
       community website at https://www.openssl.org/.



1.0.2o                            2018-03-27                     CRL(1openssl)