[thirdparty/openssl.git] / doc / man1 / openssl-crl.pod

=pod

=head1 NAME

openssl-crl - CRL utility

=head1 SYNOPSIS

B<openssl> B<crl>
[B<-help>]
[B<-inform> B<DER>|B<PEM>]
[B<-outform> B<DER>|B<PEM>]
[B<-text>]
[B<-in> I<filename>]
[B<-out> I<filename>]
[B<-nameopt> I<option>]
[B<-noout>]
[B<-hash>]
[B<-issuer>]
[B<-lastupdate>]
[B<-nextupdate>]
[B<-CAfile> I<file>]
[B<-CApath> I<dir>]

=for openssl ifdef hash_old

=head1 DESCRIPTION

This command processes CRL files in DER or PEM format.

=head1 OPTIONS

=over 4

=item B<-help>

Print out a usage message.

=item B<-inform> B<DER>|B<PEM>

This specifies the input format. B<DER> format is DER encoded CRL
structure. B<PEM> (the default) is a base64 encoded version of
the DER form with header and footer lines.

=item B<-outform> B<DER>|B<PEM>

This specifies the output format, the options have the same meaning and default
as the B<-inform> option.

=item B<-in> I<filename>

This specifies the input filename to read from or standard input if this
option is not specified.

=item B<-out> I<filename>

Specifies the output filename to write to or standard output by
default.

=item B<-text>

Print out the CRL in text form.

=item B<-nameopt> I<option>

Option which determines how the subject or issuer names are displayed. See
the description of B<-nameopt> in L<openssl-x509(1)>.

=item B<-noout>

Don't output the encoded version of the CRL.

=item B<-hash>

Output a hash of the issuer name. This can be use to lookup CRLs in
a directory by issuer name.

=item B<-hash_old>

Outputs the "hash" of the CRL issuer name using the older algorithm
as used by OpenSSL before version 1.0.0.

=item B<-issuer>

Output the issuer name.

=item B<-lastupdate>

Output the lastUpdate field.

=item B<-nextupdate>

Output the nextUpdate field.

=item B<-CAfile> I<file>

Verify the signature on a CRL by looking up the issuing certificate in
I<file>.

=item B<-CApath> I<dir>

Verify the signature on a CRL by looking up the issuing certificate in
I<dir>. This directory must be a standard certificate directory: that
is a hash of each subject name (using the L<openssl-x509(1)> B<-hash> option)
should be linked to each certificate.

=back

=head1 NOTES

The PEM CRL format uses the header and footer lines:

 -----BEGIN X509 CRL-----
 -----END X509 CRL-----

=head1 EXAMPLES

Convert a CRL file from PEM to DER:

 openssl crl -in crl.pem -outform DER -out crl.der

Output the text form of a DER encoded certificate:

 openssl crl -in crl.der -inform DER -text -noout

=head1 BUGS

Ideally it should be possible to create a CRL using appropriate options
and files too.

=head1 SEE ALSO

L<openssl(1)>,
L<openssl-crl2pkcs7(1)>,
L<openssl-ca(1)>,
L<openssl-x509(1)>

=head1 COPYRIGHT

Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the Apache License 2.0 (the "License").  You may not use
this file except in compliance with the License.  You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.

=cut
Commit	Line	Data
938ead8f DSH	1	=pod
	2
	3	=head1 NAME
	4
b6b66573	5	openssl-crl - CRL utility
938ead8f DSH	6
	7	=head1 SYNOPSIS
	8
	9	B<openssl> B<crl>
169394d4	10	[B<-help>]
e8769719	11	[B<-inform> B<DER>\|B<PEM>]
5cf452c7	12	[B<-outform> B<DER>\|B<PEM>]
938ead8f	13	[B<-text>]
e8769719 RS	14	[B<-in> I<filename>]
	15	[B<-out> I<filename>]
	16	[B<-nameopt> I<option>]
938ead8f DSH	17	[B<-noout>]
	18	[B<-hash>]
	19	[B<-issuer>]
	20	[B<-lastupdate>]
	21	[B<-nextupdate>]
e8769719 RS	22	[B<-CAfile> I<file>]
e8769719 RS	23	[B<-CApath> I<dir>]
938ead8f	24
9f3c076b	25	=for openssl ifdef hash_old
1738c0ce	26
938ead8f DSH	27	=head1 DESCRIPTION
938ead8f DSH	28
35a810bb	29	This command processes CRL files in DER or PEM format.
938ead8f	30
3dfda1a6	31	=head1 OPTIONS
938ead8f DSH	32
	33	=over 4
	34
169394d4 MR	35	=item B<-help>
	36
	37	Print out a usage message.
	38
e8769719	39	=item B<-inform> B<DER>\|B<PEM>
938ead8f DSH	40
938ead8f DSH	41	This specifies the input format. B<DER> format is DER encoded CRL
69396b41	42	structure. B<PEM> (the default) is a base64 encoded version of
938ead8f DSH	43	the DER form with header and footer lines.
938ead8f DSH	44
e8769719	45	=item B<-outform> B<DER>\|B<PEM>
938ead8f	46
7477c83e TM	47	This specifies the output format, the options have the same meaning and default
7477c83e TM	48	as the B<-inform> option.
938ead8f	49
e8769719	50	=item B<-in> I<filename>
938ead8f DSH	51
	52	This specifies the input filename to read from or standard input if this
	53	option is not specified.
	54
e8769719	55	=item B<-out> I<filename>
938ead8f	56
c4de074e	57	Specifies the output filename to write to or standard output by
938ead8f DSH	58	default.
	59
	60	=item B<-text>
	61
c4de074e	62	Print out the CRL in text form.
938ead8f	63
e8769719	64	=item B<-nameopt> I<option>
fc1d88f0	65
c4de074e	66	Option which determines how the subject or issuer names are displayed. See
8bc93d2f	67	the description of B<-nameopt> in L<openssl-x509(1)>.
fc1d88f0	68
938ead8f DSH	69	=item B<-noout>
938ead8f DSH	70
c4de074e	71	Don't output the encoded version of the CRL.
938ead8f DSH	72
	73	=item B<-hash>
	74
c4de074e	75	Output a hash of the issuer name. This can be use to lookup CRLs in
938ead8f DSH	76	a directory by issuer name.
938ead8f DSH	77
dbb7654d DSH	78	=item B<-hash_old>
dbb7654d DSH	79
c4de074e	80	Outputs the "hash" of the CRL issuer name using the older algorithm
e90fc053	81	as used by OpenSSL before version 1.0.0.
dbb7654d	82
938ead8f DSH	83	=item B<-issuer>
938ead8f DSH	84
c4de074e	85	Output the issuer name.
938ead8f DSH	86
	87	=item B<-lastupdate>
	88
c4de074e	89	Output the lastUpdate field.
938ead8f DSH	90
	91	=item B<-nextupdate>
	92
c4de074e	93	Output the nextUpdate field.
938ead8f	94
e8769719	95	=item B<-CAfile> I<file>
938ead8f	96
c4de074e	97	Verify the signature on a CRL by looking up the issuing certificate in
2f0ea936	98	I<file>.
938ead8f	99
e8769719	100	=item B<-CApath> I<dir>
938ead8f	101
c4de074e	102	Verify the signature on a CRL by looking up the issuing certificate in
2f0ea936	103	I<dir>. This directory must be a standard certificate directory: that
35a810bb RL	104	is a hash of each subject name (using the L<openssl-x509(1)> B<-hash> option)
35a810bb RL	105	should be linked to each certificate.
938ead8f DSH	106
	107	=back
	108
0cd4498b DSH	109	=head1 NOTES
	110
	111	The PEM CRL format uses the header and footer lines:
	112
	113	-----BEGIN X509 CRL-----
	114	-----END X509 CRL-----
	115
938ead8f DSH	116	=head1 EXAMPLES
	117
	118	Convert a CRL file from PEM to DER:
	119
	120	openssl crl -in crl.pem -outform DER -out crl.der
	121
	122	Output the text form of a DER encoded certificate:
	123
785e614a	124	openssl crl -in crl.der -inform DER -text -noout
938ead8f DSH	125
	126	=head1 BUGS
	127
	128	Ideally it should be possible to create a CRL using appropriate options
	129	and files too.
	130
69396b41 UM	131	=head1 SEE ALSO
69396b41 UM	132
b6b66573 DMSP	133	L<openssl(1)>,
	134	L<openssl-crl2pkcs7(1)>,
	135	L<openssl-ca(1)>,
	136	L<openssl-x509(1)>
938ead8f	137
e2f92610 RS	138	=head1 COPYRIGHT
e2f92610 RS	139
b6b66573	140	Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
e2f92610	141
449040b4	142	Licensed under the Apache License 2.0 (the "License"). You may not use
e2f92610 RS	143	this file except in compliance with the License. You can obtain a copy
	144	in the file LICENSE in the source distribution or at
	145	L<https://www.openssl.org/source/license.html>.
	146
	147	=cut