version 1.36, 2016/07/20 14:42:03 |
version 1.37, 2016/07/21 16:34:08 |
|
|
.It Cm SHA1 , SHA |
.It Cm SHA1 , SHA |
Cipher suites using SHA1. |
Cipher suites using SHA1. |
.El |
.El |
.\" |
|
.\" CRL |
|
.\" |
|
.Sh CRL |
.Sh CRL |
.nr nS 1 |
.nr nS 1 |
.Nm "openssl crl" |
.Nm "openssl crl" |
.Bk -words |
|
.Op Fl CAfile Ar file |
.Op Fl CAfile Ar file |
.Op Fl CApath Ar dir |
.Op Fl CApath Ar dir |
.Op Fl fingerprint |
.Op Fl fingerprint |
|
|
.Op Fl out Ar file |
.Op Fl out Ar file |
.Op Fl outform Ar DER | PEM |
.Op Fl outform Ar DER | PEM |
.Op Fl text |
.Op Fl text |
.Ek |
|
.nr nS 0 |
.nr nS 0 |
.Pp |
.Pp |
The |
The |
.Nm crl |
.Nm crl |
command processes CRL files in DER or PEM format. |
command processes CRL files in DER or PEM format. |
.Pp |
.Pp |
|
.Cm DER |
|
is a DER-encoded CRL structure. |
|
.Cm PEM , |
|
the default, |
|
is a base64-encoded version of the DER form with header and footer lines. |
|
The PEM CRL format uses the header and footer lines: |
|
.Bd -unfilled -offset indent |
|
-----BEGIN X509 CRL----- |
|
-----END X509 CRL----- |
|
.Ed |
|
.Pp |
The options are as follows: |
The options are as follows: |
.Bl -tag -width Ds |
.Bl -tag -width Ds |
.It Fl CAfile Ar file |
.It Fl CAfile Ar file |
|
|
Output a hash of the issuer name. |
Output a hash of the issuer name. |
This can be used to look up CRLs in a directory by issuer name. |
This can be used to look up CRLs in a directory by issuer name. |
.It Fl in Ar file |
.It Fl in Ar file |
This specifies the input file to read from, or standard input if this |
The input file to read from, or standard input if not specified. |
option is not specified. |
.It Fl inform Cm DER | PEM |
.It Fl inform Ar DER | PEM |
The input format. |
This specifies the input format. |
|
.Ar DER |
|
format is a DER-encoded CRL structure. |
|
.Ar PEM |
|
.Pq the default |
|
is a base64-encoded version of the DER form with header and footer lines. |
|
.It Fl issuer |
.It Fl issuer |
Output the issuer name. |
Output the issuer name. |
.It Fl lastupdate |
.It Fl lastupdate |
Output the |
Output the |
.Ar lastUpdate |
.Cm lastUpdate |
field. |
field. |
.It Fl nextupdate |
.It Fl nextupdate |
Output the |
Output the |
.Ar nextUpdate |
.Cm nextUpdate |
field. |
field. |
.It Fl noout |
.It Fl noout |
Don't output the encoded version of the CRL. |
Don't output the encoded version of the CRL. |
.It Fl out Ar file |
.It Fl out Ar file |
Specifies the output file to write to, or standard output by |
The output file to write to, or standard output if not specified. |
default. |
.It Fl outform Cm DER | PEM |
.It Fl outform Ar DER | PEM |
The output format. |
This specifies the output format; the options have the same meaning as the |
|
.Fl inform |
|
option. |
|
.It Fl text |
.It Fl text |
Print out the CRL in text form. |
Print out the CRL in text form. |
.El |
.El |
.Sh CRL NOTES |
|
The PEM CRL format uses the header and footer lines: |
|
.Bd -unfilled -offset indent |
|
-----BEGIN X509 CRL----- |
|
-----END X509 CRL----- |
|
.Ed |
|
.Sh CRL EXAMPLES |
|
Convert a CRL file from PEM to DER: |
|
.Pp |
|
.Dl $ openssl crl -in crl.pem -outform DER -out crl.der |
|
.Pp |
|
Output the text form of a DER-encoded certificate: |
|
.Pp |
|
.Dl $ openssl crl -in crl.der -inform DER -text -noout |
|
.Sh CRL BUGS |
|
Ideally, it should be possible to create a CRL using appropriate options |
|
and files too. |
|
.\" |
.\" |
.\" CRL2PKCS7 |
.\" CRL2PKCS7 |
.\" |
.\" |