1*2175Sjp161948=pod 2*2175Sjp161948 3*2175Sjp161948=head1 NAME 4*2175Sjp161948 5*2175Sjp161948crl - CRL utility 6*2175Sjp161948 7*2175Sjp161948=head1 SYNOPSIS 8*2175Sjp161948 9*2175Sjp161948B<openssl> B<crl> 10*2175Sjp161948[B<-inform PEM|DER>] 11*2175Sjp161948[B<-outform PEM|DER>] 12*2175Sjp161948[B<-text>] 13*2175Sjp161948[B<-in filename>] 14*2175Sjp161948[B<-out filename>] 15*2175Sjp161948[B<-noout>] 16*2175Sjp161948[B<-hash>] 17*2175Sjp161948[B<-issuer>] 18*2175Sjp161948[B<-lastupdate>] 19*2175Sjp161948[B<-nextupdate>] 20*2175Sjp161948[B<-CAfile file>] 21*2175Sjp161948[B<-CApath dir>] 22*2175Sjp161948 23*2175Sjp161948=head1 DESCRIPTION 24*2175Sjp161948 25*2175Sjp161948The B<crl> command processes CRL files in DER or PEM format. 26*2175Sjp161948 27*2175Sjp161948=head1 COMMAND OPTIONS 28*2175Sjp161948 29*2175Sjp161948=over 4 30*2175Sjp161948 31*2175Sjp161948=item B<-inform DER|PEM> 32*2175Sjp161948 33*2175Sjp161948This specifies the input format. B<DER> format is DER encoded CRL 34*2175Sjp161948structure. B<PEM> (the default) is a base64 encoded version of 35*2175Sjp161948the DER form with header and footer lines. 36*2175Sjp161948 37*2175Sjp161948=item B<-outform DER|PEM> 38*2175Sjp161948 39*2175Sjp161948This specifies the output format, the options have the same meaning as the 40*2175Sjp161948B<-inform> option. 41*2175Sjp161948 42*2175Sjp161948=item B<-in filename> 43*2175Sjp161948 44*2175Sjp161948This specifies the input filename to read from or standard input if this 45*2175Sjp161948option is not specified. 46*2175Sjp161948 47*2175Sjp161948=item B<-out filename> 48*2175Sjp161948 49*2175Sjp161948specifies the output filename to write to or standard output by 50*2175Sjp161948default. 51*2175Sjp161948 52*2175Sjp161948=item B<-text> 53*2175Sjp161948 54*2175Sjp161948print out the CRL in text form. 55*2175Sjp161948 56*2175Sjp161948=item B<-noout> 57*2175Sjp161948 58*2175Sjp161948don't output the encoded version of the CRL. 59*2175Sjp161948 60*2175Sjp161948=item B<-hash> 61*2175Sjp161948 62*2175Sjp161948output a hash of the issuer name. This can be use to lookup CRLs in 63*2175Sjp161948a directory by issuer name. 64*2175Sjp161948 65*2175Sjp161948=item B<-issuer> 66*2175Sjp161948 67*2175Sjp161948output the issuer name. 68*2175Sjp161948 69*2175Sjp161948=item B<-lastupdate> 70*2175Sjp161948 71*2175Sjp161948output the lastUpdate field. 72*2175Sjp161948 73*2175Sjp161948=item B<-nextupdate> 74*2175Sjp161948 75*2175Sjp161948output the nextUpdate field. 76*2175Sjp161948 77*2175Sjp161948=item B<-CAfile file> 78*2175Sjp161948 79*2175Sjp161948verify the signature on a CRL by looking up the issuing certificate in 80*2175Sjp161948B<file> 81*2175Sjp161948 82*2175Sjp161948=item B<-CApath dir> 83*2175Sjp161948 84*2175Sjp161948verify the signature on a CRL by looking up the issuing certificate in 85*2175Sjp161948B<dir>. This directory must be a standard certificate directory: that 86*2175Sjp161948is a hash of each subject name (using B<x509 -hash>) should be linked 87*2175Sjp161948to each certificate. 88*2175Sjp161948 89*2175Sjp161948=back 90*2175Sjp161948 91*2175Sjp161948=head1 NOTES 92*2175Sjp161948 93*2175Sjp161948The PEM CRL format uses the header and footer lines: 94*2175Sjp161948 95*2175Sjp161948 -----BEGIN X509 CRL----- 96*2175Sjp161948 -----END X509 CRL----- 97*2175Sjp161948 98*2175Sjp161948=head1 EXAMPLES 99*2175Sjp161948 100*2175Sjp161948Convert a CRL file from PEM to DER: 101*2175Sjp161948 102*2175Sjp161948 openssl crl -in crl.pem -outform DER -out crl.der 103*2175Sjp161948 104*2175Sjp161948Output the text form of a DER encoded certificate: 105*2175Sjp161948 106*2175Sjp161948 openssl crl -in crl.der -text -noout 107*2175Sjp161948 108*2175Sjp161948=head1 BUGS 109*2175Sjp161948 110*2175Sjp161948Ideally it should be possible to create a CRL using appropriate options 111*2175Sjp161948and files too. 112*2175Sjp161948 113*2175Sjp161948=head1 SEE ALSO 114*2175Sjp161948 115*2175Sjp161948L<crl2pkcs7(1)|crl2pkcs7(1)>, L<ca(1)|ca(1)>, L<x509(1)|x509(1)> 116*2175Sjp161948 117*2175Sjp161948=cut 118