diff options
Diffstat (limited to 'openssl/doc/apps/crl.pod')
-rw-r--r-- | openssl/doc/apps/crl.pod | 128 |
1 files changed, 128 insertions, 0 deletions
diff --git a/openssl/doc/apps/crl.pod b/openssl/doc/apps/crl.pod new file mode 100644 index 0000000..044a9da --- /dev/null +++ b/openssl/doc/apps/crl.pod @@ -0,0 +1,128 @@ +=pod + +=head1 NAME + +crl - CRL utility + +=head1 SYNOPSIS + +B<openssl> B<crl> +[B<-inform PEM|DER>] +[B<-outform PEM|DER>] +[B<-text>] +[B<-in filename>] +[B<-out filename>] +[B<-nameopt option>] +[B<-noout>] +[B<-hash>] +[B<-issuer>] +[B<-lastupdate>] +[B<-nextupdate>] +[B<-CAfile file>] +[B<-CApath dir>] + +=head1 DESCRIPTION + +The B<crl> command processes CRL files in DER or PEM format. + +=head1 COMMAND OPTIONS + +=over 4 + +=item B<-inform DER|PEM> + +This specifies the input format. B<DER> format is DER encoded CRL +structure. B<PEM> (the default) is a base64 encoded version of +the DER form with header and footer lines. + +=item B<-outform DER|PEM> + +This specifies the output format, the options have the same meaning as the +B<-inform> option. + +=item B<-in filename> + +This specifies the input filename to read from or standard input if this +option is not specified. + +=item B<-out filename> + +specifies the output filename to write to or standard output by +default. + +=item B<-text> + +print out the CRL in text form. + +=item B<-nameopt option> + +option which determines how the subject or issuer names are displayed. See +the description of B<-nameopt> in L<x509(1)|x509(1)>. + +=item B<-noout> + +don't output the encoded version of the CRL. + +=item B<-hash> + +output a hash of the issuer name. This can be use to lookup CRLs in +a directory by issuer name. + +=item B<-hash_old> + +outputs the "hash" of the CRL issuer name using the older algorithm +as used by OpenSSL versions before 1.0.0. + +=item B<-issuer> + +output the issuer name. + +=item B<-lastupdate> + +output the lastUpdate field. + +=item B<-nextupdate> + +output the nextUpdate field. + +=item B<-CAfile file> + +verify the signature on a CRL by looking up the issuing certificate in +B<file> + +=item B<-CApath dir> + +verify the signature on a CRL by looking up the issuing certificate in +B<dir>. This directory must be a standard certificate directory: that +is a hash of each subject name (using B<x509 -hash>) should be linked +to each certificate. + +=back + +=head1 NOTES + +The PEM CRL format uses the header and footer lines: + + -----BEGIN X509 CRL----- + -----END X509 CRL----- + +=head1 EXAMPLES + +Convert a CRL file from PEM to DER: + + openssl crl -in crl.pem -outform DER -out crl.der + +Output the text form of a DER encoded certificate: + + openssl crl -in crl.der -text -noout + +=head1 BUGS + +Ideally it should be possible to create a CRL using appropriate options +and files too. + +=head1 SEE ALSO + +L<crl2pkcs7(1)|crl2pkcs7(1)>, L<ca(1)|ca(1)>, L<x509(1)|x509(1)> + +=cut |