openssl-crl(top10.html) - phpMan

CRL(1)                              OpenSSL                             CRL(1)
NAME
       openssl-crl, crl - CRL utility
SYNOPSIS
       openssl crl [-help] [-inform PEM|DER] [-outform PEM|DER] [-text] [-in
       filename] [-out filename] [-nameopt option] [-noout] [-hash] [-issuer]
       [-lastupdate] [-nextupdate] [-CAfile file] [-CApath dir]
DESCRIPTION
       The crl command processes CRL files in DER or PEM format.
OPTIONS
       -help
           Print out a usage message.
       -inform DER|PEM
           This specifies the input format. DER format is DER encoded CRL
           structure. PEM (the default) is a base64 encoded version of the DER
           form with header and footer lines.
       -outform DER|PEM
           This specifies the output format, the options have the same meaning
           and default as the -inform option.
       -in filename
           This specifies the input filename to read from or standard input if
           this option is not specified.
       -out filename
           Specifies the output filename to write to or standard output by
           default.
       -text
           Print out the CRL in text form.
       -nameopt option
           Option which determines how the subject or issuer names are
           displayed. See the description of -nameopt in x509(1).
       -noout
           Don't output the encoded version of the CRL.
       -hash
           Output a hash of the issuer name. This can be use to lookup CRLs in
           a directory by issuer name.
       -hash_old
           Outputs the "hash" of the CRL issuer name using the older algorithm
           as used by OpenSSL before version 1.0.0.
       -issuer
           Output the issuer name.
       -lastupdate
           Output the lastUpdate field.
       -nextupdate
           Output the nextUpdate field.
       -CAfile file
           Verify the signature on a CRL by looking up the issuing certificate
           in file.
       -CApath dir
           Verify the signature on a CRL by looking up the issuing certificate
           in dir. This directory must be a standard certificate directory:
           that is a hash of each subject name (using x509 -hash) should be
           linked to each certificate.
NOTES
       The PEM CRL format uses the header and footer lines:
        -----BEGIN X509 CRL-----
        -----END X509 CRL-----
EXAMPLES
       Convert a CRL file from PEM to DER:
        openssl crl -in crl.pem -outform DER -out crl.der
       Output the text form of a DER encoded certificate:
        openssl crl -in crl.der -inform DER -text -noout
BUGS
       Ideally it should be possible to create a CRL using appropriate options
       and files too.
SEE ALSO
       crl2pkcs7(1), ca(1), x509(1)
COPYRIGHT
       Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
       Licensed under the OpenSSL license (the "License").  You may not use
       this file except in compliance with the License.  You can obtain a copy
       in the file LICENSE in the source distribution or at
       <https://www.openssl.org/source/license.html>;.
1.1.1k                            2021-03-25                            CRL(1)