1b077aed3SPierre Pronchery=pod 2b077aed3SPierre Pronchery{- OpenSSL::safe::output_do_not_edit_headers(); -} 3b077aed3SPierre Pronchery 4b077aed3SPierre Pronchery=head1 NAME 5b077aed3SPierre Pronchery 6b077aed3SPierre Proncheryopenssl-crl - CRL command 7b077aed3SPierre Pronchery 8b077aed3SPierre Pronchery=head1 SYNOPSIS 9b077aed3SPierre Pronchery 10b077aed3SPierre ProncheryB<openssl> B<crl> 11b077aed3SPierre Pronchery[B<-help>] 12b077aed3SPierre Pronchery[B<-inform> B<DER>|B<PEM>] 13b077aed3SPierre Pronchery[B<-outform> B<DER>|B<PEM>] 14b077aed3SPierre Pronchery[B<-key> I<filename>] 15b077aed3SPierre Pronchery[B<-keyform> B<DER>|B<PEM>|B<P12>] 16b077aed3SPierre Pronchery[B<-dateopt>] 17b077aed3SPierre Pronchery[B<-text>] 18b077aed3SPierre Pronchery[B<-in> I<filename>] 19b077aed3SPierre Pronchery[B<-out> I<filename>] 20b077aed3SPierre Pronchery[B<-gendelta> I<filename>] 21b077aed3SPierre Pronchery[B<-badsig>] 22b077aed3SPierre Pronchery[B<-verify>] 23b077aed3SPierre Pronchery[B<-noout>] 24b077aed3SPierre Pronchery[B<-hash>] 25b077aed3SPierre Pronchery[B<-hash_old>] 26b077aed3SPierre Pronchery[B<-fingerprint>] 27b077aed3SPierre Pronchery[B<-crlnumber>] 28b077aed3SPierre Pronchery[B<-issuer>] 29b077aed3SPierre Pronchery[B<-lastupdate>] 30b077aed3SPierre Pronchery[B<-nextupdate>] 31b077aed3SPierre Pronchery{- $OpenSSL::safe::opt_name_synopsis -} 32b077aed3SPierre Pronchery{- $OpenSSL::safe::opt_trust_synopsis -} 33b077aed3SPierre Pronchery{- $OpenSSL::safe::opt_provider_synopsis -} 34b077aed3SPierre Pronchery 35b077aed3SPierre Pronchery=head1 DESCRIPTION 36b077aed3SPierre Pronchery 37b077aed3SPierre ProncheryThis command processes CRL files in DER or PEM format. 38b077aed3SPierre Pronchery 39b077aed3SPierre Pronchery=head1 OPTIONS 40b077aed3SPierre Pronchery 41b077aed3SPierre Pronchery=over 4 42b077aed3SPierre Pronchery 43b077aed3SPierre Pronchery=item B<-help> 44b077aed3SPierre Pronchery 45b077aed3SPierre ProncheryPrint out a usage message. 46b077aed3SPierre Pronchery 47b077aed3SPierre Pronchery=item B<-inform> B<DER>|B<PEM> 48b077aed3SPierre Pronchery 49b077aed3SPierre ProncheryThe CRL input format; unspecified by default. 50b077aed3SPierre ProncherySee L<openssl-format-options(1)> for details. 51b077aed3SPierre Pronchery 52b077aed3SPierre Pronchery=item B<-outform> B<DER>|B<PEM> 53b077aed3SPierre Pronchery 54b077aed3SPierre ProncheryThe CRL output format; the default is B<PEM>. 55b077aed3SPierre ProncherySee L<openssl-format-options(1)> for details. 56b077aed3SPierre Pronchery 57b077aed3SPierre Pronchery=item B<-key> I<filename> 58b077aed3SPierre Pronchery 59b077aed3SPierre ProncheryThe private key to be used to sign the CRL. 60b077aed3SPierre Pronchery 61b077aed3SPierre Pronchery=item B<-keyform> B<DER>|B<PEM>|B<P12> 62b077aed3SPierre Pronchery 63b077aed3SPierre ProncheryThe format of the private key file; unspecified by default. 64b077aed3SPierre ProncherySee L<openssl-format-options(1)> for details. 65b077aed3SPierre Pronchery 66b077aed3SPierre Pronchery=item B<-in> I<filename> 67b077aed3SPierre Pronchery 68b077aed3SPierre ProncheryThis specifies the input filename to read from or standard input if this 69b077aed3SPierre Proncheryoption is not specified. 70b077aed3SPierre Pronchery 71b077aed3SPierre Pronchery=item B<-out> I<filename> 72b077aed3SPierre Pronchery 73b077aed3SPierre ProncherySpecifies the output filename to write to or standard output by 74b077aed3SPierre Proncherydefault. 75b077aed3SPierre Pronchery 76b077aed3SPierre Pronchery=item B<-gendelta> I<filename> 77b077aed3SPierre Pronchery 78b077aed3SPierre ProncheryOutput a comparison of the main CRL and the one specified here. 79b077aed3SPierre Pronchery 80b077aed3SPierre Pronchery=item B<-badsig> 81b077aed3SPierre Pronchery 82b077aed3SPierre ProncheryCorrupt the signature before writing it; this can be useful 83b077aed3SPierre Proncheryfor testing. 84b077aed3SPierre Pronchery 85b077aed3SPierre Pronchery=item B<-dateopt> 86b077aed3SPierre Pronchery 87b077aed3SPierre ProncherySpecify the date output format. Values are: rfc_822 and iso_8601. 88b077aed3SPierre ProncheryDefaults to rfc_822. 89b077aed3SPierre Pronchery 90b077aed3SPierre Pronchery=item B<-text> 91b077aed3SPierre Pronchery 92b077aed3SPierre ProncheryPrint out the CRL in text form. 93b077aed3SPierre Pronchery 94b077aed3SPierre Pronchery=item B<-verify> 95b077aed3SPierre Pronchery 96b077aed3SPierre ProncheryVerify the signature in the CRL. 97b077aed3SPierre Pronchery 98*44096ebdSEnji CooperThis option is implicitly enabled if any of B<-CApath>, B<-CAfile> 99*44096ebdSEnji Cooperor B<-CAstore> is specified. 100*44096ebdSEnji Cooper 101b077aed3SPierre Pronchery=item B<-noout> 102b077aed3SPierre Pronchery 103b077aed3SPierre ProncheryDon't output the encoded version of the CRL. 104b077aed3SPierre Pronchery 105b077aed3SPierre Pronchery=item B<-fingerprint> 106b077aed3SPierre Pronchery 107b077aed3SPierre ProncheryOutput the fingerprint of the CRL. 108b077aed3SPierre Pronchery 109b077aed3SPierre Pronchery=item B<-crlnumber> 110b077aed3SPierre Pronchery 111b077aed3SPierre ProncheryOutput the number of the CRL. 112b077aed3SPierre Pronchery 113b077aed3SPierre Pronchery=item B<-hash> 114b077aed3SPierre Pronchery 115b077aed3SPierre ProncheryOutput a hash of the issuer name. This can be use to lookup CRLs in 116b077aed3SPierre Proncherya directory by issuer name. 117b077aed3SPierre Pronchery 118b077aed3SPierre Pronchery=item B<-hash_old> 119b077aed3SPierre Pronchery 120b077aed3SPierre ProncheryOutputs the "hash" of the CRL issuer name using the older algorithm 121b077aed3SPierre Proncheryas used by OpenSSL before version 1.0.0. 122b077aed3SPierre Pronchery 123b077aed3SPierre Pronchery=item B<-issuer> 124b077aed3SPierre Pronchery 125b077aed3SPierre ProncheryOutput the issuer name. 126b077aed3SPierre Pronchery 127b077aed3SPierre Pronchery=item B<-lastupdate> 128b077aed3SPierre Pronchery 129b077aed3SPierre ProncheryOutput the lastUpdate field. 130b077aed3SPierre Pronchery 131b077aed3SPierre Pronchery=item B<-nextupdate> 132b077aed3SPierre Pronchery 133b077aed3SPierre ProncheryOutput the nextUpdate field. 134b077aed3SPierre Pronchery 135b077aed3SPierre Pronchery{- $OpenSSL::safe::opt_name_item -} 136b077aed3SPierre Pronchery 137b077aed3SPierre Pronchery{- $OpenSSL::safe::opt_trust_item -} 138b077aed3SPierre Pronchery 139b077aed3SPierre Pronchery{- $OpenSSL::safe::opt_provider_item -} 140b077aed3SPierre Pronchery 141b077aed3SPierre Pronchery=back 142b077aed3SPierre Pronchery 143b077aed3SPierre Pronchery=head1 EXAMPLES 144b077aed3SPierre Pronchery 145b077aed3SPierre ProncheryConvert a CRL file from PEM to DER: 146b077aed3SPierre Pronchery 147b077aed3SPierre Pronchery openssl crl -in crl.pem -outform DER -out crl.der 148b077aed3SPierre Pronchery 149b077aed3SPierre ProncheryOutput the text form of a DER encoded certificate: 150b077aed3SPierre Pronchery 151b077aed3SPierre Pronchery openssl crl -in crl.der -text -noout 152b077aed3SPierre Pronchery 153b077aed3SPierre Pronchery=head1 BUGS 154b077aed3SPierre Pronchery 155b077aed3SPierre ProncheryIdeally it should be possible to create a CRL using appropriate options 156b077aed3SPierre Proncheryand files too. 157b077aed3SPierre Pronchery 158b077aed3SPierre Pronchery=head1 SEE ALSO 159b077aed3SPierre Pronchery 160b077aed3SPierre ProncheryL<openssl(1)>, 161b077aed3SPierre ProncheryL<openssl-crl2pkcs7(1)>, 162b077aed3SPierre ProncheryL<openssl-ca(1)>, 163b077aed3SPierre ProncheryL<openssl-x509(1)>, 164b077aed3SPierre ProncheryL<ossl_store-file(7)> 165b077aed3SPierre Pronchery 166b077aed3SPierre Pronchery=head1 COPYRIGHT 167b077aed3SPierre Pronchery 168*44096ebdSEnji CooperCopyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved. 169b077aed3SPierre Pronchery 170b077aed3SPierre ProncheryLicensed under the Apache License 2.0 (the "License"). You may not use 171b077aed3SPierre Proncherythis file except in compliance with the License. You can obtain a copy 172b077aed3SPierre Proncheryin the file LICENSE in the source distribution or at 173b077aed3SPierre ProncheryL<https://www.openssl.org/source/license.html>. 174b077aed3SPierre Pronchery 175b077aed3SPierre Pronchery=cut 176