1ebfedea0SLionel Sambuc=pod 2ebfedea0SLionel Sambuc 3ebfedea0SLionel Sambuc=head1 NAME 4ebfedea0SLionel Sambuc 5ebfedea0SLionel Sambuccrl - CRL utility 6ebfedea0SLionel Sambuc 7ebfedea0SLionel Sambuc=head1 SYNOPSIS 8ebfedea0SLionel Sambuc 9ebfedea0SLionel SambucB<openssl> B<crl> 10ebfedea0SLionel Sambuc[B<-inform PEM|DER>] 11ebfedea0SLionel Sambuc[B<-outform PEM|DER>] 12ebfedea0SLionel Sambuc[B<-text>] 13ebfedea0SLionel Sambuc[B<-in filename>] 14ebfedea0SLionel Sambuc[B<-out filename>] 15*0a6a1f1dSLionel Sambuc[B<-nameopt option>] 16ebfedea0SLionel Sambuc[B<-noout>] 17ebfedea0SLionel Sambuc[B<-hash>] 18ebfedea0SLionel Sambuc[B<-issuer>] 19ebfedea0SLionel Sambuc[B<-lastupdate>] 20ebfedea0SLionel Sambuc[B<-nextupdate>] 21ebfedea0SLionel Sambuc[B<-CAfile file>] 22ebfedea0SLionel Sambuc[B<-CApath dir>] 23ebfedea0SLionel Sambuc 24ebfedea0SLionel Sambuc=head1 DESCRIPTION 25ebfedea0SLionel Sambuc 26ebfedea0SLionel SambucThe B<crl> command processes CRL files in DER or PEM format. 27ebfedea0SLionel Sambuc 28ebfedea0SLionel Sambuc=head1 COMMAND OPTIONS 29ebfedea0SLionel Sambuc 30ebfedea0SLionel Sambuc=over 4 31ebfedea0SLionel Sambuc 32ebfedea0SLionel Sambuc=item B<-inform DER|PEM> 33ebfedea0SLionel Sambuc 34ebfedea0SLionel SambucThis specifies the input format. B<DER> format is DER encoded CRL 35ebfedea0SLionel Sambucstructure. B<PEM> (the default) is a base64 encoded version of 36ebfedea0SLionel Sambucthe DER form with header and footer lines. 37ebfedea0SLionel Sambuc 38ebfedea0SLionel Sambuc=item B<-outform DER|PEM> 39ebfedea0SLionel Sambuc 40ebfedea0SLionel SambucThis specifies the output format, the options have the same meaning as the 41ebfedea0SLionel SambucB<-inform> option. 42ebfedea0SLionel Sambuc 43ebfedea0SLionel Sambuc=item B<-in filename> 44ebfedea0SLionel Sambuc 45ebfedea0SLionel SambucThis specifies the input filename to read from or standard input if this 46ebfedea0SLionel Sambucoption is not specified. 47ebfedea0SLionel Sambuc 48ebfedea0SLionel Sambuc=item B<-out filename> 49ebfedea0SLionel Sambuc 50ebfedea0SLionel Sambucspecifies the output filename to write to or standard output by 51ebfedea0SLionel Sambucdefault. 52ebfedea0SLionel Sambuc 53ebfedea0SLionel Sambuc=item B<-text> 54ebfedea0SLionel Sambuc 55ebfedea0SLionel Sambucprint out the CRL in text form. 56ebfedea0SLionel Sambuc 57*0a6a1f1dSLionel Sambuc=item B<-nameopt option> 58*0a6a1f1dSLionel Sambuc 59*0a6a1f1dSLionel Sambucoption which determines how the subject or issuer names are displayed. See 60*0a6a1f1dSLionel Sambucthe description of B<-nameopt> in L<x509(1)|x509(1)>. 61*0a6a1f1dSLionel Sambuc 62ebfedea0SLionel Sambuc=item B<-noout> 63ebfedea0SLionel Sambuc 64ebfedea0SLionel Sambucdon't output the encoded version of the CRL. 65ebfedea0SLionel Sambuc 66ebfedea0SLionel Sambuc=item B<-hash> 67ebfedea0SLionel Sambuc 68ebfedea0SLionel Sambucoutput a hash of the issuer name. This can be use to lookup CRLs in 69ebfedea0SLionel Sambuca directory by issuer name. 70ebfedea0SLionel Sambuc 71*0a6a1f1dSLionel Sambuc=item B<-hash_old> 72*0a6a1f1dSLionel Sambuc 73*0a6a1f1dSLionel Sambucoutputs the "hash" of the CRL issuer name using the older algorithm 74*0a6a1f1dSLionel Sambucas used by OpenSSL versions before 1.0.0. 75*0a6a1f1dSLionel Sambuc 76ebfedea0SLionel Sambuc=item B<-issuer> 77ebfedea0SLionel Sambuc 78ebfedea0SLionel Sambucoutput the issuer name. 79ebfedea0SLionel Sambuc 80ebfedea0SLionel Sambuc=item B<-lastupdate> 81ebfedea0SLionel Sambuc 82ebfedea0SLionel Sambucoutput the lastUpdate field. 83ebfedea0SLionel Sambuc 84ebfedea0SLionel Sambuc=item B<-nextupdate> 85ebfedea0SLionel Sambuc 86ebfedea0SLionel Sambucoutput the nextUpdate field. 87ebfedea0SLionel Sambuc 88ebfedea0SLionel Sambuc=item B<-CAfile file> 89ebfedea0SLionel Sambuc 90ebfedea0SLionel Sambucverify the signature on a CRL by looking up the issuing certificate in 91ebfedea0SLionel SambucB<file> 92ebfedea0SLionel Sambuc 93ebfedea0SLionel Sambuc=item B<-CApath dir> 94ebfedea0SLionel Sambuc 95ebfedea0SLionel Sambucverify the signature on a CRL by looking up the issuing certificate in 96ebfedea0SLionel SambucB<dir>. This directory must be a standard certificate directory: that 97ebfedea0SLionel Sambucis a hash of each subject name (using B<x509 -hash>) should be linked 98ebfedea0SLionel Sambucto each certificate. 99ebfedea0SLionel Sambuc 100ebfedea0SLionel Sambuc=back 101ebfedea0SLionel Sambuc 102ebfedea0SLionel Sambuc=head1 NOTES 103ebfedea0SLionel Sambuc 104ebfedea0SLionel SambucThe PEM CRL format uses the header and footer lines: 105ebfedea0SLionel Sambuc 106ebfedea0SLionel Sambuc -----BEGIN X509 CRL----- 107ebfedea0SLionel Sambuc -----END X509 CRL----- 108ebfedea0SLionel Sambuc 109ebfedea0SLionel Sambuc=head1 EXAMPLES 110ebfedea0SLionel Sambuc 111ebfedea0SLionel SambucConvert a CRL file from PEM to DER: 112ebfedea0SLionel Sambuc 113ebfedea0SLionel Sambuc openssl crl -in crl.pem -outform DER -out crl.der 114ebfedea0SLionel Sambuc 115ebfedea0SLionel SambucOutput the text form of a DER encoded certificate: 116ebfedea0SLionel Sambuc 117ebfedea0SLionel Sambuc openssl crl -in crl.der -text -noout 118ebfedea0SLionel Sambuc 119ebfedea0SLionel Sambuc=head1 BUGS 120ebfedea0SLionel Sambuc 121ebfedea0SLionel SambucIdeally it should be possible to create a CRL using appropriate options 122ebfedea0SLionel Sambucand files too. 123ebfedea0SLionel Sambuc 124ebfedea0SLionel Sambuc=head1 SEE ALSO 125ebfedea0SLionel Sambuc 126ebfedea0SLionel SambucL<crl2pkcs7(1)|crl2pkcs7(1)>, L<ca(1)|ca(1)>, L<x509(1)|x509(1)> 127ebfedea0SLionel Sambuc 128ebfedea0SLionel Sambuc=cut 129