1=pod 2 3=head1 NAME 4 5openssl-crl, 6crl - CRL utility 7 8=head1 SYNOPSIS 9 10B<openssl> B<crl> 11[B<-help>] 12[B<-inform PEM|DER>] 13[B<-outform PEM|DER>] 14[B<-text>] 15[B<-in filename>] 16[B<-out filename>] 17[B<-nameopt option>] 18[B<-noout>] 19[B<-hash>] 20[B<-issuer>] 21[B<-lastupdate>] 22[B<-nextupdate>] 23[B<-CAfile file>] 24[B<-CApath dir>] 25 26=head1 DESCRIPTION 27 28The B<crl> command processes CRL files in DER or PEM format. 29 30=head1 OPTIONS 31 32=over 4 33 34=item B<-help> 35 36Print out a usage message. 37 38=item B<-inform DER|PEM> 39 40This specifies the input format. B<DER> format is DER encoded CRL 41structure. B<PEM> (the default) is a base64 encoded version of 42the DER form with header and footer lines. 43 44=item B<-outform DER|PEM> 45 46This specifies the output format, the options have the same meaning and default 47as the B<-inform> option. 48 49=item B<-in filename> 50 51This specifies the input filename to read from or standard input if this 52option is not specified. 53 54=item B<-out filename> 55 56Specifies the output filename to write to or standard output by 57default. 58 59=item B<-text> 60 61Print out the CRL in text form. 62 63=item B<-nameopt option> 64 65Option which determines how the subject or issuer names are displayed. See 66the description of B<-nameopt> in L<x509(1)>. 67 68=item B<-noout> 69 70Don't output the encoded version of the CRL. 71 72=item B<-hash> 73 74Output a hash of the issuer name. This can be use to lookup CRLs in 75a directory by issuer name. 76 77=item B<-hash_old> 78 79Outputs the "hash" of the CRL issuer name using the older algorithm 80as used by OpenSSL before version 1.0.0. 81 82=item B<-issuer> 83 84Output the issuer name. 85 86=item B<-lastupdate> 87 88Output the lastUpdate field. 89 90=item B<-nextupdate> 91 92Output the nextUpdate field. 93 94=item B<-CAfile file> 95 96Verify the signature on a CRL by looking up the issuing certificate in 97B<file>. 98 99=item B<-CApath dir> 100 101Verify the signature on a CRL by looking up the issuing certificate in 102B<dir>. This directory must be a standard certificate directory: that 103is a hash of each subject name (using B<x509 -hash>) should be linked 104to each certificate. 105 106=back 107 108=head1 NOTES 109 110The PEM CRL format uses the header and footer lines: 111 112 -----BEGIN X509 CRL----- 113 -----END X509 CRL----- 114 115=head1 EXAMPLES 116 117Convert a CRL file from PEM to DER: 118 119 openssl crl -in crl.pem -outform DER -out crl.der 120 121Output the text form of a DER encoded certificate: 122 123 openssl crl -in crl.der -inform DER -text -noout 124 125=head1 BUGS 126 127Ideally it should be possible to create a CRL using appropriate options 128and files too. 129 130=head1 SEE ALSO 131 132L<crl2pkcs7(1)>, L<ca(1)>, L<x509(1)> 133 134=head1 COPYRIGHT 135 136Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. 137 138Licensed under the OpenSSL license (the "License"). You may not use 139this file except in compliance with the License. You can obtain a copy 140in the file LICENSE in the source distribution or at 141L<https://www.openssl.org/source/license.html>. 142 143=cut 144