[thirdparty/openssl.git] / doc / man1 / openssl-crl.pod

=pod

=head1 NAME

openssl-crl - CRL utility

=head1 SYNOPSIS

B<openssl> B<crl>
[B<-help>]
[B<-inform PEM|DER>]
[B<-outform PEM|DER>]
[B<-text>]
[B<-in filename>]
[B<-out filename>]
[B<-nameopt option>]
[B<-noout>]
[B<-hash>]
[B<-issuer>]
[B<-lastupdate>]
[B<-nextupdate>]
[B<-CAfile file>]
[B<-CApath dir>]

=head1 DESCRIPTION

The B<crl> command processes CRL files in DER or PEM format.

=head1 OPTIONS

=over 4

=item B<-help>

Print out a usage message.

=item B<-inform DER|PEM>

This specifies the input format. B<DER> format is DER encoded CRL
structure. B<PEM> (the default) is a base64 encoded version of
the DER form with header and footer lines.

=item B<-outform DER|PEM>

This specifies the output format, the options have the same meaning and default
as the B<-inform> option.

=item B<-in filename>

This specifies the input filename to read from or standard input if this
option is not specified.

=item B<-out filename>

Specifies the output filename to write to or standard output by
default.

=item B<-text>

Print out the CRL in text form.

=item B<-nameopt option>

Option which determines how the subject or issuer names are displayed. See
the description of B<-nameopt> in L<x509(1)>.

=item B<-noout>

Don't output the encoded version of the CRL.

=item B<-hash>

Output a hash of the issuer name. This can be use to lookup CRLs in
a directory by issuer name.

=item B<-hash_old>

Outputs the "hash" of the CRL issuer name using the older algorithm
as used by OpenSSL before version 1.0.0.

=item B<-issuer>

Output the issuer name.

=item B<-lastupdate>

Output the lastUpdate field.

=item B<-nextupdate>

Output the nextUpdate field.

=item B<-CAfile file>

Verify the signature on a CRL by looking up the issuing certificate in
B<file>.

=item B<-CApath dir>

Verify the signature on a CRL by looking up the issuing certificate in
B<dir>. This directory must be a standard certificate directory: that
is a hash of each subject name (using B<x509 -hash>) should be linked
to each certificate.

=back

=head1 NOTES

The PEM CRL format uses the header and footer lines:

 -----BEGIN X509 CRL-----
 -----END X509 CRL-----

=head1 EXAMPLES

Convert a CRL file from PEM to DER:

 openssl crl -in crl.pem -outform DER -out crl.der

Output the text form of a DER encoded certificate:

 openssl crl -in crl.der -inform DER -text -noout

=head1 BUGS

Ideally it should be possible to create a CRL using appropriate options
and files too.

=head1 SEE ALSO

L<openssl(1)>,
L<openssl-crl2pkcs7(1)>,
L<openssl-ca(1)>,
L<openssl-x509(1)>

=head1 COPYRIGHT

Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the Apache License 2.0 (the "License").  You may not use
this file except in compliance with the License.  You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.

=cut
Commit	Line	Data
938ead8f DSH	1	=pod
	2
	3	=head1 NAME
	4
b6b66573	5	openssl-crl - CRL utility
938ead8f DSH	6
	7	=head1 SYNOPSIS
	8
	9	B<openssl> B<crl>
169394d4	10	[B<-help>]
938ead8f DSH	11	[B<-inform PEM\|DER>]
	12	[B<-outform PEM\|DER>]
	13	[B<-text>]
	14	[B<-in filename>]
	15	[B<-out filename>]
fc1d88f0	16	[B<-nameopt option>]
938ead8f DSH	17	[B<-noout>]
	18	[B<-hash>]
	19	[B<-issuer>]
	20	[B<-lastupdate>]
	21	[B<-nextupdate>]
	22	[B<-CAfile file>]
	23	[B<-CApath dir>]
	24
	25	=head1 DESCRIPTION
	26
	27	The B<crl> command processes CRL files in DER or PEM format.
	28
3dfda1a6	29	=head1 OPTIONS
938ead8f DSH	30
	31	=over 4
	32
169394d4 MR	33	=item B<-help>
	34
	35	Print out a usage message.
	36
938ead8f DSH	37	=item B<-inform DER\|PEM>
	38
	39	This specifies the input format. B<DER> format is DER encoded CRL
69396b41	40	structure. B<PEM> (the default) is a base64 encoded version of
938ead8f DSH	41	the DER form with header and footer lines.
	42
	43	=item B<-outform DER\|PEM>
	44
7477c83e TM	45	This specifies the output format, the options have the same meaning and default
7477c83e TM	46	as the B<-inform> option.
938ead8f DSH	47
	48	=item B<-in filename>
	49
	50	This specifies the input filename to read from or standard input if this
	51	option is not specified.
	52
	53	=item B<-out filename>
	54
c4de074e	55	Specifies the output filename to write to or standard output by
938ead8f DSH	56	default.
	57
	58	=item B<-text>
	59
c4de074e	60	Print out the CRL in text form.
938ead8f	61
fc1d88f0 RS	62	=item B<-nameopt option>
fc1d88f0 RS	63
c4de074e	64	Option which determines how the subject or issuer names are displayed. See
9b86974e	65	the description of B<-nameopt> in L<x509(1)>.
fc1d88f0	66
938ead8f DSH	67	=item B<-noout>
938ead8f DSH	68
c4de074e	69	Don't output the encoded version of the CRL.
938ead8f DSH	70
	71	=item B<-hash>
	72
c4de074e	73	Output a hash of the issuer name. This can be use to lookup CRLs in
938ead8f DSH	74	a directory by issuer name.
938ead8f DSH	75
dbb7654d DSH	76	=item B<-hash_old>
dbb7654d DSH	77
c4de074e	78	Outputs the "hash" of the CRL issuer name using the older algorithm
e90fc053	79	as used by OpenSSL before version 1.0.0.
dbb7654d	80
938ead8f DSH	81	=item B<-issuer>
938ead8f DSH	82
c4de074e	83	Output the issuer name.
938ead8f DSH	84
	85	=item B<-lastupdate>
	86
c4de074e	87	Output the lastUpdate field.
938ead8f DSH	88
	89	=item B<-nextupdate>
	90
c4de074e	91	Output the nextUpdate field.
938ead8f DSH	92
	93	=item B<-CAfile file>
	94
c4de074e P	95	Verify the signature on a CRL by looking up the issuing certificate in
c4de074e P	96	B<file>.
938ead8f DSH	97
	98	=item B<-CApath dir>
	99
c4de074e	100	Verify the signature on a CRL by looking up the issuing certificate in
938ead8f DSH	101	B<dir>. This directory must be a standard certificate directory: that
	102	is a hash of each subject name (using B<x509 -hash>) should be linked
	103	to each certificate.
	104
	105	=back
	106
0cd4498b DSH	107	=head1 NOTES
	108
	109	The PEM CRL format uses the header and footer lines:
	110
	111	-----BEGIN X509 CRL-----
	112	-----END X509 CRL-----
	113
938ead8f DSH	114	=head1 EXAMPLES
	115
	116	Convert a CRL file from PEM to DER:
	117
	118	openssl crl -in crl.pem -outform DER -out crl.der
	119
	120	Output the text form of a DER encoded certificate:
	121
785e614a	122	openssl crl -in crl.der -inform DER -text -noout
938ead8f DSH	123
	124	=head1 BUGS
	125
	126	Ideally it should be possible to create a CRL using appropriate options
	127	and files too.
	128
69396b41 UM	129	=head1 SEE ALSO
69396b41 UM	130
b6b66573 DMSP	131	L<openssl(1)>,
	132	L<openssl-crl2pkcs7(1)>,
	133	L<openssl-ca(1)>,
	134	L<openssl-x509(1)>
938ead8f	135
e2f92610 RS	136	=head1 COPYRIGHT
e2f92610 RS	137
b6b66573	138	Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
e2f92610	139
449040b4	140	Licensed under the Apache License 2.0 (the "License"). You may not use
e2f92610 RS	141	this file except in compliance with the License. You can obtain a copy
	142	in the file LICENSE in the source distribution or at
	143	L<https://www.openssl.org/source/license.html>.
	144
	145	=cut