from small one page howto to huge articles all in one place
 

search text in:





Poll
Which linux distribution do you use?







poll results

Last additions:
using iotop to find disk usage hogs

using iotop to find disk usage hogs

words:

887

views:

186380

userrating:

average rating: 1.7 (102 votes) (1=very good 6=terrible)


May 25th. 2007:
Words

486

Views

250361

why adblockers are bad


Workaround and fixes for the current Core Dump Handling vulnerability affected kernels

Workaround and fixes for the current Core Dump Handling vulnerability affected kernels

words:

161

views:

137543

userrating:

average rating: 1.4 (42 votes) (1=very good 6=terrible)


April, 26th. 2006:

Druckversion
You are here: manpages





CRL

Section: OpenSSL (1)
Updated: 2017-05-25
Index Return to Main Contents
 

NAME

crl - CRL utility  

SYNOPSIS

openssl crl [-inform PEM|DER] [-outform PEM|DER] [-text] [-in filename] [-out filename] [-nameopt option] [-noout] [-hash] [-issuer] [-lastupdate] [-nextupdate] [-CAfile file] [-CApath dir]  

DESCRIPTION

The crl command processes CRL files in DER or PEM format.  

COMMAND OPTIONS

-inform DER|PEM
This specifies the input format. DER format is DER encoded CRL structure. PEM (the default) is a base64 encoded version of the DER form with header and footer lines.
-outform DER|PEM
This specifies the output format, the options have the same meaning as the -inform option.
-in filename
This specifies the input filename to read from or standard input if this option is not specified.
-out filename
specifies the output filename to write to or standard output by default.
-text
print out the CRL in text form.
-nameopt option
option which determines how the subject or issuer names are displayed. See the description of -nameopt in x509(1).
-noout
don't output the encoded version of the CRL.
-hash
output a hash of the issuer name. This can be use to lookup CRLs in a directory by issuer name.
-hash_old
outputs the ``hash'' of the CRL issuer name using the older algorithm as used by OpenSSL versions before 1.0.0.
-issuer
output the issuer name.
-lastupdate
output the lastUpdate field.
-nextupdate
output the nextUpdate field.
-CAfile file
verify the signature on a CRL by looking up the issuing certificate in file
-CApath dir
verify the signature on a CRL by looking up the issuing certificate in dir. This directory must be a standard certificate directory: that is a hash of each subject name (using x509 -hash) should be linked to each certificate.
 

NOTES

The PEM CRL format uses the header and footer lines:

 -----BEGIN X509 CRL-----
 -----END X509 CRL-----

 

EXAMPLES

Convert a CRL file from PEM to DER:

 openssl crl -in crl.pem -outform DER -out crl.der

Output the text form of a DER encoded certificate:

 openssl crl -in crl.der -text -noout

 

BUGS

Ideally it should be possible to create a CRL using appropriate options and files too.  

SEE ALSO

crl2pkcs7(1), ca(1), x509(1)


 

Index

NAME
SYNOPSIS
DESCRIPTION
COMMAND OPTIONS
NOTES
EXAMPLES
BUGS
SEE ALSO





Support us on Content Nation
rdf newsfeed | rss newsfeed | Atom newsfeed
- Powered by LeopardCMS - Running on Gentoo -
Copyright 2004-2020 Sascha Nitsch Unternehmensberatung GmbH
Valid XHTML1.1 : Valid CSS : buttonmaker
- Level Triple-A Conformance to Web Content Accessibility Guidelines 1.0 -
- Copyright and legal notices -
Time to create this page: 19.5 ms