]>
Commit | Line | Data |
---|---|---|
938ead8f DSH |
1 | =pod |
2 | ||
3 | =head1 NAME | |
4 | ||
b6b66573 | 5 | openssl-crl - CRL utility |
938ead8f DSH |
6 | |
7 | =head1 SYNOPSIS | |
8 | ||
9 | B<openssl> B<crl> | |
169394d4 | 10 | [B<-help>] |
e8769719 | 11 | [B<-inform> B<DER>|B<PEM>] |
5cf452c7 | 12 | [B<-outform> B<DER>|B<PEM>] |
938ead8f | 13 | [B<-text>] |
e8769719 RS |
14 | [B<-in> I<filename>] |
15 | [B<-out> I<filename>] | |
16 | [B<-nameopt> I<option>] | |
938ead8f DSH |
17 | [B<-noout>] |
18 | [B<-hash>] | |
19 | [B<-issuer>] | |
20 | [B<-lastupdate>] | |
21 | [B<-nextupdate>] | |
e8769719 RS |
22 | [B<-CAfile> I<file>] |
23 | [B<-CApath> I<dir>] | |
938ead8f | 24 | |
9f3c076b | 25 | =for openssl ifdef hash_old |
1738c0ce | 26 | |
938ead8f DSH |
27 | =head1 DESCRIPTION |
28 | ||
35a810bb | 29 | This command processes CRL files in DER or PEM format. |
938ead8f | 30 | |
3dfda1a6 | 31 | =head1 OPTIONS |
938ead8f DSH |
32 | |
33 | =over 4 | |
34 | ||
169394d4 MR |
35 | =item B<-help> |
36 | ||
37 | Print out a usage message. | |
38 | ||
e8769719 | 39 | =item B<-inform> B<DER>|B<PEM> |
938ead8f DSH |
40 | |
41 | This specifies the input format. B<DER> format is DER encoded CRL | |
69396b41 | 42 | structure. B<PEM> (the default) is a base64 encoded version of |
938ead8f DSH |
43 | the DER form with header and footer lines. |
44 | ||
e8769719 | 45 | =item B<-outform> B<DER>|B<PEM> |
938ead8f | 46 | |
7477c83e TM |
47 | This specifies the output format, the options have the same meaning and default |
48 | as the B<-inform> option. | |
938ead8f | 49 | |
e8769719 | 50 | =item B<-in> I<filename> |
938ead8f DSH |
51 | |
52 | This specifies the input filename to read from or standard input if this | |
53 | option is not specified. | |
54 | ||
e8769719 | 55 | =item B<-out> I<filename> |
938ead8f | 56 | |
c4de074e | 57 | Specifies the output filename to write to or standard output by |
938ead8f DSH |
58 | default. |
59 | ||
60 | =item B<-text> | |
61 | ||
c4de074e | 62 | Print out the CRL in text form. |
938ead8f | 63 | |
e8769719 | 64 | =item B<-nameopt> I<option> |
fc1d88f0 | 65 | |
c4de074e | 66 | Option which determines how the subject or issuer names are displayed. See |
8bc93d2f | 67 | the description of B<-nameopt> in L<openssl-x509(1)>. |
fc1d88f0 | 68 | |
938ead8f DSH |
69 | =item B<-noout> |
70 | ||
c4de074e | 71 | Don't output the encoded version of the CRL. |
938ead8f DSH |
72 | |
73 | =item B<-hash> | |
74 | ||
c4de074e | 75 | Output a hash of the issuer name. This can be use to lookup CRLs in |
938ead8f DSH |
76 | a directory by issuer name. |
77 | ||
dbb7654d DSH |
78 | =item B<-hash_old> |
79 | ||
c4de074e | 80 | Outputs the "hash" of the CRL issuer name using the older algorithm |
e90fc053 | 81 | as used by OpenSSL before version 1.0.0. |
dbb7654d | 82 | |
938ead8f DSH |
83 | =item B<-issuer> |
84 | ||
c4de074e | 85 | Output the issuer name. |
938ead8f DSH |
86 | |
87 | =item B<-lastupdate> | |
88 | ||
c4de074e | 89 | Output the lastUpdate field. |
938ead8f DSH |
90 | |
91 | =item B<-nextupdate> | |
92 | ||
c4de074e | 93 | Output the nextUpdate field. |
938ead8f | 94 | |
e8769719 | 95 | =item B<-CAfile> I<file> |
938ead8f | 96 | |
c4de074e | 97 | Verify the signature on a CRL by looking up the issuing certificate in |
2f0ea936 | 98 | I<file>. |
938ead8f | 99 | |
e8769719 | 100 | =item B<-CApath> I<dir> |
938ead8f | 101 | |
c4de074e | 102 | Verify the signature on a CRL by looking up the issuing certificate in |
2f0ea936 | 103 | I<dir>. This directory must be a standard certificate directory: that |
35a810bb RL |
104 | is a hash of each subject name (using the L<openssl-x509(1)> B<-hash> option) |
105 | should be linked to each certificate. | |
938ead8f DSH |
106 | |
107 | =back | |
108 | ||
0cd4498b DSH |
109 | =head1 NOTES |
110 | ||
111 | The PEM CRL format uses the header and footer lines: | |
112 | ||
113 | -----BEGIN X509 CRL----- | |
114 | -----END X509 CRL----- | |
115 | ||
938ead8f DSH |
116 | =head1 EXAMPLES |
117 | ||
118 | Convert a CRL file from PEM to DER: | |
119 | ||
120 | openssl crl -in crl.pem -outform DER -out crl.der | |
121 | ||
122 | Output the text form of a DER encoded certificate: | |
123 | ||
785e614a | 124 | openssl crl -in crl.der -inform DER -text -noout |
938ead8f DSH |
125 | |
126 | =head1 BUGS | |
127 | ||
128 | Ideally it should be possible to create a CRL using appropriate options | |
129 | and files too. | |
130 | ||
69396b41 UM |
131 | =head1 SEE ALSO |
132 | ||
b6b66573 DMSP |
133 | L<openssl(1)>, |
134 | L<openssl-crl2pkcs7(1)>, | |
135 | L<openssl-ca(1)>, | |
136 | L<openssl-x509(1)> | |
938ead8f | 137 | |
e2f92610 RS |
138 | =head1 COPYRIGHT |
139 | ||
b6b66573 | 140 | Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. |
e2f92610 | 141 | |
449040b4 | 142 | Licensed under the Apache License 2.0 (the "License"). You may not use |
e2f92610 RS |
143 | this file except in compliance with the License. You can obtain a copy |
144 | in the file LICENSE in the source distribution or at | |
145 | L<https://www.openssl.org/source/license.html>. | |
146 | ||
147 | =cut |