The crl command processes CRL files in DER or PEM format.
COMMAND OPTIONS
-inform DER|PEM
This specifies the input format. DER format is DER encoded CRL
structure. PEM (the default) is a base64 encoded version of
the DER form with header and footer lines.
-outform DER|PEM
This specifies the output format, the options have the same meaning as the
-inform option.
-in filename
This specifies the input filename to read from or standard input if this
option is not specified.
-out filename
specifies the output filename to write to or standard output by
default.
-text
print out the CRL in text form.
-noout
don't output the encoded version of the CRL.
-hash
output a hash of the issuer name. This can be use to lookup CRLs in
a directory by issuer name.
-issuer
output the issuer name.
-lastupdate
output the lastUpdate field.
-nextupdate
output the nextUpdate field.
-CAfile file
verify the signature on a CRL by looking up the issuing certificate in
file
-CApath dir
verify the signature on a CRL by looking up the issuing certificate in
dir. This directory must be a standard certificate directory: that
is a hash of each subject name (using x509 -hash) should be linked
to each certificate.
NOTES
The PEM CRL format uses the header and footer lines:
-----BEGIN X509 CRL-----
-----END X509 CRL-----
EXAMPLES
Convert a CRL file from PEM to DER:
openssl crl -in crl.pem -outform DER -out crl.der
Output the text form of a DER encoded certificate:
openssl crl -in crl.der -text -noout
BUGS
Ideally it should be possible to create a CRL using appropriate options
and files too.