xref: /freebsd/crypto/openssl/doc/man1/openssl-crl.pod.in (revision 44096ebd22ddd0081a357011714eff8963614b65)
1b077aed3SPierre Pronchery=pod
2b077aed3SPierre Pronchery{- OpenSSL::safe::output_do_not_edit_headers(); -}
3b077aed3SPierre Pronchery
4b077aed3SPierre Pronchery=head1 NAME
5b077aed3SPierre Pronchery
6b077aed3SPierre Proncheryopenssl-crl - CRL command
7b077aed3SPierre Pronchery
8b077aed3SPierre Pronchery=head1 SYNOPSIS
9b077aed3SPierre Pronchery
10b077aed3SPierre ProncheryB<openssl> B<crl>
11b077aed3SPierre Pronchery[B<-help>]
12b077aed3SPierre Pronchery[B<-inform> B<DER>|B<PEM>]
13b077aed3SPierre Pronchery[B<-outform> B<DER>|B<PEM>]
14b077aed3SPierre Pronchery[B<-key> I<filename>]
15b077aed3SPierre Pronchery[B<-keyform> B<DER>|B<PEM>|B<P12>]
16b077aed3SPierre Pronchery[B<-dateopt>]
17b077aed3SPierre Pronchery[B<-text>]
18b077aed3SPierre Pronchery[B<-in> I<filename>]
19b077aed3SPierre Pronchery[B<-out> I<filename>]
20b077aed3SPierre Pronchery[B<-gendelta> I<filename>]
21b077aed3SPierre Pronchery[B<-badsig>]
22b077aed3SPierre Pronchery[B<-verify>]
23b077aed3SPierre Pronchery[B<-noout>]
24b077aed3SPierre Pronchery[B<-hash>]
25b077aed3SPierre Pronchery[B<-hash_old>]
26b077aed3SPierre Pronchery[B<-fingerprint>]
27b077aed3SPierre Pronchery[B<-crlnumber>]
28b077aed3SPierre Pronchery[B<-issuer>]
29b077aed3SPierre Pronchery[B<-lastupdate>]
30b077aed3SPierre Pronchery[B<-nextupdate>]
31b077aed3SPierre Pronchery{- $OpenSSL::safe::opt_name_synopsis -}
32b077aed3SPierre Pronchery{- $OpenSSL::safe::opt_trust_synopsis -}
33b077aed3SPierre Pronchery{- $OpenSSL::safe::opt_provider_synopsis -}
34b077aed3SPierre Pronchery
35b077aed3SPierre Pronchery=head1 DESCRIPTION
36b077aed3SPierre Pronchery
37b077aed3SPierre ProncheryThis command processes CRL files in DER or PEM format.
38b077aed3SPierre Pronchery
39b077aed3SPierre Pronchery=head1 OPTIONS
40b077aed3SPierre Pronchery
41b077aed3SPierre Pronchery=over 4
42b077aed3SPierre Pronchery
43b077aed3SPierre Pronchery=item B<-help>
44b077aed3SPierre Pronchery
45b077aed3SPierre ProncheryPrint out a usage message.
46b077aed3SPierre Pronchery
47b077aed3SPierre Pronchery=item B<-inform> B<DER>|B<PEM>
48b077aed3SPierre Pronchery
49b077aed3SPierre ProncheryThe CRL input format; unspecified by default.
50b077aed3SPierre ProncherySee L<openssl-format-options(1)> for details.
51b077aed3SPierre Pronchery
52b077aed3SPierre Pronchery=item B<-outform> B<DER>|B<PEM>
53b077aed3SPierre Pronchery
54b077aed3SPierre ProncheryThe CRL output format; the default is B<PEM>.
55b077aed3SPierre ProncherySee L<openssl-format-options(1)> for details.
56b077aed3SPierre Pronchery
57b077aed3SPierre Pronchery=item B<-key> I<filename>
58b077aed3SPierre Pronchery
59b077aed3SPierre ProncheryThe private key to be used to sign the CRL.
60b077aed3SPierre Pronchery
61b077aed3SPierre Pronchery=item B<-keyform> B<DER>|B<PEM>|B<P12>
62b077aed3SPierre Pronchery
63b077aed3SPierre ProncheryThe format of the private key file; unspecified by default.
64b077aed3SPierre ProncherySee L<openssl-format-options(1)> for details.
65b077aed3SPierre Pronchery
66b077aed3SPierre Pronchery=item B<-in> I<filename>
67b077aed3SPierre Pronchery
68b077aed3SPierre ProncheryThis specifies the input filename to read from or standard input if this
69b077aed3SPierre Proncheryoption is not specified.
70b077aed3SPierre Pronchery
71b077aed3SPierre Pronchery=item B<-out> I<filename>
72b077aed3SPierre Pronchery
73b077aed3SPierre ProncherySpecifies the output filename to write to or standard output by
74b077aed3SPierre Proncherydefault.
75b077aed3SPierre Pronchery
76b077aed3SPierre Pronchery=item B<-gendelta> I<filename>
77b077aed3SPierre Pronchery
78b077aed3SPierre ProncheryOutput a comparison of the main CRL and the one specified here.
79b077aed3SPierre Pronchery
80b077aed3SPierre Pronchery=item B<-badsig>
81b077aed3SPierre Pronchery
82b077aed3SPierre ProncheryCorrupt the signature before writing it; this can be useful
83b077aed3SPierre Proncheryfor testing.
84b077aed3SPierre Pronchery
85b077aed3SPierre Pronchery=item B<-dateopt>
86b077aed3SPierre Pronchery
87b077aed3SPierre ProncherySpecify the date output format. Values are: rfc_822 and iso_8601.
88b077aed3SPierre ProncheryDefaults to rfc_822.
89b077aed3SPierre Pronchery
90b077aed3SPierre Pronchery=item B<-text>
91b077aed3SPierre Pronchery
92b077aed3SPierre ProncheryPrint out the CRL in text form.
93b077aed3SPierre Pronchery
94b077aed3SPierre Pronchery=item B<-verify>
95b077aed3SPierre Pronchery
96b077aed3SPierre ProncheryVerify the signature in the CRL.
97b077aed3SPierre Pronchery
98*44096ebdSEnji CooperThis option is implicitly enabled if any of B<-CApath>, B<-CAfile>
99*44096ebdSEnji Cooperor B<-CAstore> is specified.
100*44096ebdSEnji Cooper
101b077aed3SPierre Pronchery=item B<-noout>
102b077aed3SPierre Pronchery
103b077aed3SPierre ProncheryDon't output the encoded version of the CRL.
104b077aed3SPierre Pronchery
105b077aed3SPierre Pronchery=item B<-fingerprint>
106b077aed3SPierre Pronchery
107b077aed3SPierre ProncheryOutput the fingerprint of the CRL.
108b077aed3SPierre Pronchery
109b077aed3SPierre Pronchery=item B<-crlnumber>
110b077aed3SPierre Pronchery
111b077aed3SPierre ProncheryOutput the number of the CRL.
112b077aed3SPierre Pronchery
113b077aed3SPierre Pronchery=item B<-hash>
114b077aed3SPierre Pronchery
115b077aed3SPierre ProncheryOutput a hash of the issuer name. This can be use to lookup CRLs in
116b077aed3SPierre Proncherya directory by issuer name.
117b077aed3SPierre Pronchery
118b077aed3SPierre Pronchery=item B<-hash_old>
119b077aed3SPierre Pronchery
120b077aed3SPierre ProncheryOutputs the "hash" of the CRL issuer name using the older algorithm
121b077aed3SPierre Proncheryas used by OpenSSL before version 1.0.0.
122b077aed3SPierre Pronchery
123b077aed3SPierre Pronchery=item B<-issuer>
124b077aed3SPierre Pronchery
125b077aed3SPierre ProncheryOutput the issuer name.
126b077aed3SPierre Pronchery
127b077aed3SPierre Pronchery=item B<-lastupdate>
128b077aed3SPierre Pronchery
129b077aed3SPierre ProncheryOutput the lastUpdate field.
130b077aed3SPierre Pronchery
131b077aed3SPierre Pronchery=item B<-nextupdate>
132b077aed3SPierre Pronchery
133b077aed3SPierre ProncheryOutput the nextUpdate field.
134b077aed3SPierre Pronchery
135b077aed3SPierre Pronchery{- $OpenSSL::safe::opt_name_item -}
136b077aed3SPierre Pronchery
137b077aed3SPierre Pronchery{- $OpenSSL::safe::opt_trust_item -}
138b077aed3SPierre Pronchery
139b077aed3SPierre Pronchery{- $OpenSSL::safe::opt_provider_item -}
140b077aed3SPierre Pronchery
141b077aed3SPierre Pronchery=back
142b077aed3SPierre Pronchery
143b077aed3SPierre Pronchery=head1 EXAMPLES
144b077aed3SPierre Pronchery
145b077aed3SPierre ProncheryConvert a CRL file from PEM to DER:
146b077aed3SPierre Pronchery
147b077aed3SPierre Pronchery openssl crl -in crl.pem -outform DER -out crl.der
148b077aed3SPierre Pronchery
149b077aed3SPierre ProncheryOutput the text form of a DER encoded certificate:
150b077aed3SPierre Pronchery
151b077aed3SPierre Pronchery openssl crl -in crl.der -text -noout
152b077aed3SPierre Pronchery
153b077aed3SPierre Pronchery=head1 BUGS
154b077aed3SPierre Pronchery
155b077aed3SPierre ProncheryIdeally it should be possible to create a CRL using appropriate options
156b077aed3SPierre Proncheryand files too.
157b077aed3SPierre Pronchery
158b077aed3SPierre Pronchery=head1 SEE ALSO
159b077aed3SPierre Pronchery
160b077aed3SPierre ProncheryL<openssl(1)>,
161b077aed3SPierre ProncheryL<openssl-crl2pkcs7(1)>,
162b077aed3SPierre ProncheryL<openssl-ca(1)>,
163b077aed3SPierre ProncheryL<openssl-x509(1)>,
164b077aed3SPierre ProncheryL<ossl_store-file(7)>
165b077aed3SPierre Pronchery
166b077aed3SPierre Pronchery=head1 COPYRIGHT
167b077aed3SPierre Pronchery
168*44096ebdSEnji CooperCopyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved.
169b077aed3SPierre Pronchery
170b077aed3SPierre ProncheryLicensed under the Apache License 2.0 (the "License").  You may not use
171b077aed3SPierre Proncherythis file except in compliance with the License.  You can obtain a copy
172b077aed3SPierre Proncheryin the file LICENSE in the source distribution or at
173b077aed3SPierre ProncheryL<https://www.openssl.org/source/license.html>.
174b077aed3SPierre Pronchery
175b077aed3SPierre Pronchery=cut
176