=pod =head1 NAME crl - CRL utility =head1 SYNOPSIS B B [B<-inform PEM|DER>] [B<-outform PEM|DER>] [B<-text>] [B<-in filename>] [B<-out filename>] [B<-nameopt option>] [B<-noout>] [B<-hash>] [B<-issuer>] [B<-lastupdate>] [B<-nextupdate>] [B<-CAfile file>] [B<-CApath dir>] =head1 DESCRIPTION The B command processes CRL files in DER or PEM format. =head1 COMMAND OPTIONS =over 4 =item B<-inform DER|PEM> This specifies the input format. B format is DER encoded CRL structure. B (the default) is a base64 encoded version of the DER form with header and footer lines. =item B<-outform DER|PEM> This specifies the output format, the options have the same meaning as the B<-inform> option. =item B<-in filename> This specifies the input filename to read from or standard input if this option is not specified. =item B<-out filename> specifies the output filename to write to or standard output by default. =item B<-text> print out the CRL in text form. =item B<-nameopt option> option which determines how the subject or issuer names are displayed. See the description of B<-nameopt> in L. =item B<-noout> don't output the encoded version of the CRL. =item B<-hash> output a hash of the issuer name. This can be use to lookup CRLs in a directory by issuer name. =item B<-hash_old> outputs the "hash" of the CRL issuer name using the older algorithm as used by OpenSSL versions before 1.0.0. =item B<-issuer> output the issuer name. =item B<-lastupdate> output the lastUpdate field. =item B<-nextupdate> output the nextUpdate field. =item B<-CAfile file> verify the signature on a CRL by looking up the issuing certificate in B =item B<-CApath dir> verify the signature on a CRL by looking up the issuing certificate in B. This directory must be a standard certificate directory: that is a hash of each subject name (using B) should be linked to each certificate. =back =head1 NOTES The PEM CRL format uses the header and footer lines: -----BEGIN X509 CRL----- -----END X509 CRL----- =head1 EXAMPLES Convert a CRL file from PEM to DER: openssl crl -in crl.pem -outform DER -out crl.der Output the text form of a DER encoded certificate: openssl crl -in crl.der -text -noout =head1 BUGS Ideally it should be possible to create a CRL using appropriate options and files too. =head1 SEE ALSO L, L, L =cut