| version 1.36, 2016/07/20 14:42:03 |
version 1.37, 2016/07/21 16:34:08 |
|
|
| .It Cm SHA1 , SHA |
.It Cm SHA1 , SHA |
| Cipher suites using SHA1. |
Cipher suites using SHA1. |
| .El |
.El |
| .\" |
|
| .\" CRL |
|
| .\" |
|
| .Sh CRL |
.Sh CRL |
| .nr nS 1 |
.nr nS 1 |
| .Nm "openssl crl" |
.Nm "openssl crl" |
| .Bk -words |
|
| .Op Fl CAfile Ar file |
.Op Fl CAfile Ar file |
| .Op Fl CApath Ar dir |
.Op Fl CApath Ar dir |
| .Op Fl fingerprint |
.Op Fl fingerprint |
|
|
| .Op Fl out Ar file |
.Op Fl out Ar file |
| .Op Fl outform Ar DER | PEM |
.Op Fl outform Ar DER | PEM |
| .Op Fl text |
.Op Fl text |
| .Ek |
|
| .nr nS 0 |
.nr nS 0 |
| .Pp |
.Pp |
| The |
The |
| .Nm crl |
.Nm crl |
| command processes CRL files in DER or PEM format. |
command processes CRL files in DER or PEM format. |
| .Pp |
.Pp |
| |
.Cm DER |
| |
is a DER-encoded CRL structure. |
| |
.Cm PEM , |
| |
the default, |
| |
is a base64-encoded version of the DER form with header and footer lines. |
| |
The PEM CRL format uses the header and footer lines: |
| |
.Bd -unfilled -offset indent |
| |
-----BEGIN X509 CRL----- |
| |
-----END X509 CRL----- |
| |
.Ed |
| |
.Pp |
| The options are as follows: |
The options are as follows: |
| .Bl -tag -width Ds |
.Bl -tag -width Ds |
| .It Fl CAfile Ar file |
.It Fl CAfile Ar file |
|
|
| Output a hash of the issuer name. |
Output a hash of the issuer name. |
| This can be used to look up CRLs in a directory by issuer name. |
This can be used to look up CRLs in a directory by issuer name. |
| .It Fl in Ar file |
.It Fl in Ar file |
| This specifies the input file to read from, or standard input if this |
The input file to read from, or standard input if not specified. |
| option is not specified. |
.It Fl inform Cm DER | PEM |
| .It Fl inform Ar DER | PEM |
The input format. |
| This specifies the input format. |
|
| .Ar DER |
|
| format is a DER-encoded CRL structure. |
|
| .Ar PEM |
|
| .Pq the default |
|
| is a base64-encoded version of the DER form with header and footer lines. |
|
| .It Fl issuer |
.It Fl issuer |
| Output the issuer name. |
Output the issuer name. |
| .It Fl lastupdate |
.It Fl lastupdate |
| Output the |
Output the |
| .Ar lastUpdate |
.Cm lastUpdate |
| field. |
field. |
| .It Fl nextupdate |
.It Fl nextupdate |
| Output the |
Output the |
| .Ar nextUpdate |
.Cm nextUpdate |
| field. |
field. |
| .It Fl noout |
.It Fl noout |
| Don't output the encoded version of the CRL. |
Don't output the encoded version of the CRL. |
| .It Fl out Ar file |
.It Fl out Ar file |
| Specifies the output file to write to, or standard output by |
The output file to write to, or standard output if not specified. |
| default. |
.It Fl outform Cm DER | PEM |
| .It Fl outform Ar DER | PEM |
The output format. |
| This specifies the output format; the options have the same meaning as the |
|
| .Fl inform |
|
| option. |
|
| .It Fl text |
.It Fl text |
| Print out the CRL in text form. |
Print out the CRL in text form. |
| .El |
.El |
| .Sh CRL NOTES |
|
| The PEM CRL format uses the header and footer lines: |
|
| .Bd -unfilled -offset indent |
|
| -----BEGIN X509 CRL----- |
|
| -----END X509 CRL----- |
|
| .Ed |
|
| .Sh CRL EXAMPLES |
|
| Convert a CRL file from PEM to DER: |
|
| .Pp |
|
| .Dl $ openssl crl -in crl.pem -outform DER -out crl.der |
|
| .Pp |
|
| Output the text form of a DER-encoded certificate: |
|
| .Pp |
|
| .Dl $ openssl crl -in crl.der -inform DER -text -noout |
|
| .Sh CRL BUGS |
|
| Ideally, it should be possible to create a CRL using appropriate options |
|
| and files too. |
|
| .\" |
.\" |
| .\" CRL2PKCS7 |
.\" CRL2PKCS7 |
| .\" |
.\" |
![[BACK]](/icons/back.gif){kind=icon}
Return to openssl.1 CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / openssl