Name

crl

Synopsis

The crl command is used to examine and verify the validity of certificate revocation lists. The command can be used to display the contents of a CRL in human-readable form. It can also be used to convert CRLs between DER and PEM formats.

Options

-in filename

Specify the name of the file containing a CRL to be examined or verified. If this option is omitted, stdin is used.

-inform DER|PEM

Specify the format of the CRL that will be examined or verified. Possible formats are DER or PEM. If this option is omitted, PEM is the default format.

-out filename

Specify the name of a file to which the command’s output will be written. If this option is omitted, stdout is used.

-outform DER|PEM

Specify the format of the CRL that will be written out by the command. If this option is omitted, the default is PEM.

-text

Cause a human-readable text representation of the CRL to be written to the output destination.

-noout

Suppress the output of the CRL in DER or PEM format. By default, the input CRL is also output, except when the CRL’s signature is being verified.

-hash

Cause a hash of the CRL’s issuer name to be written to the output destination. The hash can be used to look up CRLs in a directory by issuer name in which the standard filename for each CRL is the hash of the issuer’s name and an extension of “.0”.

-issuer

Cause the CRL issuer’s name to be written to the output destination.

-lastupdate

Cause the CRL’s lastUpdate field to be written to the output destination. ...

Get Network Security with OpenSSL now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial