Linux "crl" Command Line Options and Examples
The crl command processes CRL files in DER or PEM format..
openssl crl [-help] [-inform PEM|DER] [-outform PEM|DER] [-text] [-in filename] [-out filename] [-nameopt option] [-noout] [-hash]
[-issuer] [-lastupdate] [-nextupdate] [-CAfile file] [-CApath dir]
Command Line Options:
Print out a usage message.
crl -help ...
This specifies the input format. DER format is DER encoded CRL structure. PEM (the default) is a base64 encoded version of theDER form with header and footer lines.
crl -inform ...
This specifies the output format, the options have the same meaning as the -inform option.
crl -outform ...
This specifies the input filename to read from or standard input if this option is not specified.
crl -in ...
specifies the output filename to write to or standard output by default.
crl -out ...
print out the CRL in text form.
crl -text ...
option which determines how the subject or issuer names are displayed. See the description of -nameopt in x509(1).
crl -nameopt ...
don't output the encoded version of the CRL.
crl -noout ...
output a hash of the issuer name. This can be use to lookup CRLs in a directory by issuer name.
crl -hash ...
outputs the "hash" of the CRL issuer name using the older algorithm as used by OpenSSL versions before 1.0.0.
crl -hash_old ...
output the issuer name.
crl -issuer ...
output the lastUpdate field.
crl -lastupdate ...
output the nextUpdate field.
crl -nextupdate ...
verify the signature on a CRL by looking up the issuing certificate in file
crl -CAfile ...
verify the signature on a CRL by looking up the issuing certificate in dir. This directory must be a standard certificatedirectory: that is a hash of each subject name (using x509 -hash) should be linked to each certificate.NOTESThe PEM CRL format uses the header and footer lines:
crl -CApath ...