123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160 |
- =pod
- {- OpenSSL::safe::output_do_not_edit_headers(); -}
- =head1 NAME
- openssl-crl - CRL utility
- =head1 SYNOPSIS
- B<openssl> B<crl>
- [B<-help>]
- [B<-inform> B<DER>|B<PEM>]
- [B<-outform> B<DER>|B<PEM>]
- [B<-key> I<filename>]
- [B<-keyform> B<DER>|B<PEM>|B<ENGINE>]
- [B<-text>]
- [B<-in> I<filename>]
- [B<-out> I<filename>]
- [B<-gendelta> I<filename>]
- [B<-badsig>]
- [B<-verify>]
- [B<-noout>]
- [B<-hash>]
- [B<-hash_old>]
- [B<-fingerprint>]
- [B<-crlnumber>]
- [B<-issuer>]
- [B<-lastupdate>]
- [B<-nextupdate>]
- {- $OpenSSL::safe::opt_name_synopsis -}
- {- $OpenSSL::safe::opt_trust_synopsis -}
- =for openssl ifdef hash_old
- =head1 DESCRIPTION
- This command processes CRL files in DER or PEM format.
- =head1 OPTIONS
- =over 4
- =item B<-help>
- Print out a usage message.
- =item B<-inform> B<DER>|B<PEM>, B<-outform> B<DER>|B<PEM>
- The input and output formats of the CRL; the default is B<PEM>.
- See L<openssl(1)/Format Options> for details.
- =item B<-key> I<filename>
- The private key to be used to sign the CRL.
- =item B<-keyform> B<DER>|B<PEM>|B<ENGINE>
- The format of the private key file; the default is B<PEM>.
- See L<openssl(1)/Format Options> for details.
- =item B<-in> I<filename>
- This specifies the input filename to read from or standard input if this
- option is not specified.
- =item B<-out> I<filename>
- Specifies the output filename to write to or standard output by
- default.
- =item B<-gendelta> I<filename>
- Output a comparison of the main CRL and the one specified here.
- =item B<-badsig>
- Corrupt the signature before writing it; this can be useful
- for testing.
- =item B<-text>
- Print out the CRL in text form.
- =item B<-verify>
- Verify the signature in the CRL.
- =item B<-noout>
- Don't output the encoded version of the CRL.
- =item B<-fingerprint>
- Output the fingerprint of the CRL.
- =item B<-crlnumber>
- Output the number of the CRL.
- =item B<-hash>
- Output a hash of the issuer name. This can be use to lookup CRLs in
- a directory by issuer name.
- =item B<-hash_old>
- Outputs the "hash" of the CRL issuer name using the older algorithm
- as used by OpenSSL before version 1.0.0.
- =item B<-issuer>
- Output the issuer name.
- =item B<-lastupdate>
- Output the lastUpdate field.
- =item B<-nextupdate>
- Output the nextUpdate field.
- {- $OpenSSL::safe::opt_name_item -}
- {- $OpenSSL::safe::opt_trust_item -}
- =back
- =head1 EXAMPLES
- Convert a CRL file from PEM to DER:
- openssl crl -in crl.pem -outform DER -out crl.der
- Output the text form of a DER encoded certificate:
- openssl crl -in crl.der -inform DER -text -noout
- =head1 BUGS
- Ideally it should be possible to create a CRL using appropriate options
- and files too.
- =head1 SEE ALSO
- L<openssl(1)>,
- L<openssl-crl2pkcs7(1)>,
- L<openssl-ca(1)>,
- L<openssl-x509(1)>,
- L<ossl_store-file(7)>
- =head1 COPYRIGHT
- Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
- Licensed under the Apache License 2.0 (the "License"). You may not use
- this file except in compliance with the License. You can obtain a copy
- in the file LICENSE in the source distribution or at
- L<https://www.openssl.org/source/license.html>.
- =cut
|