crl(1ssl)crl(1ssl)NAMEcrl - CRL utility
SYNOPSIS
openssl crl [-inform PEM | DER] [-outform PEM | DER] [-text] [-in file‐
name] [-out filename] [-noout] [-hash] [-issuer] [-lastupdate] [-nex‐
tupdate] [-CAfile file] [-CApath dir]
OPTIONS
Specifies the input format. The DER format is DER encoded CRL struc‐
ture. The PEM format (the default) is a base64 encoded version of the
DER form with header and footer lines. Specifies the output format.
The options have the same meaning as the -inform option. Specifies the
input filename to read from or standard input if this option is not
specified. Specifies the output filename to write to or standard out‐
put by default. Prints out the CRL in text form. Does not output the
encoded version of the CRL. Outputs a hash of the issuer name. This
can be used to lookup CRLs in a directory by issuer name. Outputs the
issuer name. Outputs the lastupdate field. Outputs the nextupdate
field. Verifies the signature on a CRL by looking up the issuing cer‐
tificate in file Verifies the signature on a CRL by looking up the
issuing certificate in dir. This directory must be a standard certifi‐
cate directory; that is, a hash of each subject name (using x509 -hash)
should be linked to each certificate.
DESCRIPTION
The crl command processes CRL files in DER or PEM format.
NOTES
The PEM CRL format uses the header and footer lines:
-----BEGIN X509 CRL-----
-----END X509 CRL-----
RESTRICTIONS
Ideally it should be possible to create a CRL using appropriate options
and files.
EXAMPLES
Convert a CRL file from PEM to DER:
openssl crl-in crl.pem -outform DER -out crl.der
Output the text form of a DER encoded certificate:
openssl crl-in crl.der -text -noout
SEE ALSO
Commands: crl2pkcs7(1ssl), ca(1), x509(1ssl)crl(1ssl)