| Current Path : /usr/src/crypto/openssl/doc/apps/ |
FreeBSD hs32.drive.ne.jp 9.1-RELEASE FreeBSD 9.1-RELEASE #1: Wed Jan 14 12:18:08 JST 2015 root@hs32.drive.ne.jp:/sys/amd64/compile/hs32 amd64 |
| Current File : //usr/src/crypto/openssl/doc/apps/crl.pod |
=pod =head1 NAME crl - CRL utility =head1 SYNOPSIS B<openssl> B<crl> [B<-inform PEM|DER>] [B<-outform PEM|DER>] [B<-text>] [B<-in filename>] [B<-out filename>] [B<-noout>] [B<-hash>] [B<-issuer>] [B<-lastupdate>] [B<-nextupdate>] [B<-CAfile file>] [B<-CApath dir>] =head1 DESCRIPTION The B<crl> command processes CRL files in DER or PEM format. =head1 COMMAND OPTIONS =over 4 =item B<-inform DER|PEM> This specifies the input format. B<DER> format is DER encoded CRL structure. B<PEM> (the default) is a base64 encoded version of the DER form with header and footer lines. =item B<-outform DER|PEM> This specifies the output format, the options have the same meaning as the B<-inform> option. =item B<-in filename> This specifies the input filename to read from or standard input if this option is not specified. =item B<-out filename> specifies the output filename to write to or standard output by default. =item B<-text> print out the CRL in text form. =item B<-noout> don't output the encoded version of the CRL. =item B<-hash> output a hash of the issuer name. This can be use to lookup CRLs in a directory by issuer name. =item B<-issuer> output the issuer name. =item B<-lastupdate> output the lastUpdate field. =item B<-nextupdate> output the nextUpdate field. =item B<-CAfile file> verify the signature on a CRL by looking up the issuing certificate in B<file> =item B<-CApath dir> verify the signature on a CRL by looking up the issuing certificate in B<dir>. This directory must be a standard certificate directory: that is a hash of each subject name (using B<x509 -hash>) should be linked to each certificate. =back =head1 NOTES The PEM CRL format uses the header and footer lines: -----BEGIN X509 CRL----- -----END X509 CRL----- =head1 EXAMPLES Convert a CRL file from PEM to DER: openssl crl -in crl.pem -outform DER -out crl.der Output the text form of a DER encoded certificate: openssl crl -in crl.der -text -noout =head1 BUGS Ideally it should be possible to create a CRL using appropriate options and files too. =head1 SEE ALSO L<crl2pkcs7(1)|crl2pkcs7(1)>, L<ca(1)|ca(1)>, L<x509(1)|x509(1)> =cut