openssl-prebuild/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-crl.html
2020-03-02 16:50:34 +00:00

227 lines
7.1 KiB
HTML
Executable File

<?xml version="1.0" ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>openssl-crl</title>
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<link rev="made" href="mailto:root@localhost" />
</head>
<body style="background-color: white">
<!-- INDEX BEGIN -->
<div name="index">
<p><a name="__index__"></a></p>
<ul>
<li><a href="#name">NAME</a></li>
<li><a href="#synopsis">SYNOPSIS</a></li>
<li><a href="#description">DESCRIPTION</a></li>
<li><a href="#options">OPTIONS</a></li>
<li><a href="#examples">EXAMPLES</a></li>
<li><a href="#bugs">BUGS</a></li>
<li><a href="#see_also">SEE ALSO</a></li>
<li><a href="#copyright">COPYRIGHT</a></li>
</ul>
<hr name="index" />
</div>
<!-- INDEX END -->
<p>
</p>
<hr />
<h1><a name="name">NAME</a></h1>
<p>openssl-crl - CRL utility</p>
<p>
</p>
<hr />
<h1><a name="synopsis">SYNOPSIS</a></h1>
<p><strong>openssl</strong> <strong>crl</strong>
[<strong>-help</strong>]
[<strong>-inform</strong> <strong>DER</strong>|<strong>PEM</strong>]
[<strong>-outform</strong> <strong>DER</strong>|<strong>PEM</strong>]
[<strong>-key</strong> <em>filename</em>]
[<strong>-keyform</strong> <strong>DER</strong>|<strong>PEM</strong>|<strong>ENGINE</strong>]
[<strong>-text</strong>]
[<strong>-in</strong> <em>filename</em>]
[<strong>-out</strong> <em>filename</em>]
[<strong>-gendelta</strong> <em>filename</em>]
[<strong>-badsig</strong>]
[<strong>-verify</strong>]
[<strong>-noout</strong>]
[<strong>-hash</strong>]
[<strong>-hash_old</strong>]
[<strong>-fingerprint</strong>]
[<strong>-crlnumber</strong>]
[<strong>-issuer</strong>]
[<strong>-lastupdate</strong>]
[<strong>-nextupdate</strong>]
[<strong>-nameopt</strong> <em>option</em>]
[<strong>-CAfile</strong> <em>file</em>]
[<strong>-no-CAfile</strong>]
[<strong>-CApath</strong> <em>dir</em>]
[<strong>-no-CApath</strong>]
[<strong>-CAstore</strong> <em>uri</em>]
[<strong>-no-CAstore</strong>]</p>
<p>
</p>
<hr />
<h1><a name="description">DESCRIPTION</a></h1>
<p>This command processes CRL files in DER or PEM format.</p>
<p>
</p>
<hr />
<h1><a name="options">OPTIONS</a></h1>
<dl>
<dt><strong><a name="help" class="item"><strong>-help</strong></a></strong></dt>
<dd>
<p>Print out a usage message.</p>
</dd>
<dt><strong><a name="inform_der_pem_outform_der_pem" class="item"><strong>-inform</strong> <strong>DER</strong>|<strong>PEM</strong>, <strong>-outform</strong> <strong>DER</strong>|<strong>PEM</strong></a></strong></dt>
<dd>
<p>The input and output formats of the CRL; the default is <strong>PEM</strong>.
See <em>openssl(1)/Format Options</em> for details.</p>
</dd>
<dt><strong><a name="key_filename" class="item"><strong>-key</strong> <em>filename</em></a></strong></dt>
<dd>
<p>The private key to be used to sign the CRL.</p>
</dd>
<dt><strong><a name="keyform_der_pem_engine" class="item"><strong>-keyform</strong> <strong>DER</strong>|<strong>PEM</strong>|<strong>ENGINE</strong></a></strong></dt>
<dd>
<p>The format of the private key file; the default is <strong>PEM</strong>.
See <em>openssl(1)/Format Options</em> for details.</p>
</dd>
<dt><strong><a name="in_filename" class="item"><strong>-in</strong> <em>filename</em></a></strong></dt>
<dd>
<p>This specifies the input filename to read from or standard input if this
option is not specified.</p>
</dd>
<dt><strong><a name="out_filename" class="item"><strong>-out</strong> <em>filename</em></a></strong></dt>
<dd>
<p>Specifies the output filename to write to or standard output by
default.</p>
</dd>
<dt><strong><a name="gendelta_filename" class="item"><strong>-gendelta</strong> <em>filename</em></a></strong></dt>
<dd>
<p>Output a comparison of the main CRL and the one specified here.</p>
</dd>
<dt><strong><a name="badsig" class="item"><strong>-badsig</strong></a></strong></dt>
<dd>
<p>Corrupt the signature before writing it; this can be useful
for testing.</p>
</dd>
<dt><strong><a name="text" class="item"><strong>-text</strong></a></strong></dt>
<dd>
<p>Print out the CRL in text form.</p>
</dd>
<dt><strong><a name="verify" class="item"><strong>-verify</strong></a></strong></dt>
<dd>
<p>Verify the signature in the CRL.</p>
</dd>
<dt><strong><a name="noout" class="item"><strong>-noout</strong></a></strong></dt>
<dd>
<p>Don't output the encoded version of the CRL.</p>
</dd>
<dt><strong><a name="fingerprint" class="item"><strong>-fingerprint</strong></a></strong></dt>
<dd>
<p>Output the fingerprint of the CRL.</p>
</dd>
<dt><strong><a name="crlnumber" class="item"><strong>-crlnumber</strong></a></strong></dt>
<dd>
<p>Output the number of the CRL.</p>
</dd>
<dt><strong><a name="hash" class="item"><strong>-hash</strong></a></strong></dt>
<dd>
<p>Output a hash of the issuer name. This can be use to lookup CRLs in
a directory by issuer name.</p>
</dd>
<dt><strong><a name="hash_old" class="item"><strong>-hash_old</strong></a></strong></dt>
<dd>
<p>Outputs the &quot;hash&quot; of the CRL issuer name using the older algorithm
as used by OpenSSL before version 1.0.0.</p>
</dd>
<dt><strong><a name="issuer" class="item"><strong>-issuer</strong></a></strong></dt>
<dd>
<p>Output the issuer name.</p>
</dd>
<dt><strong><a name="lastupdate" class="item"><strong>-lastupdate</strong></a></strong></dt>
<dd>
<p>Output the lastUpdate field.</p>
</dd>
<dt><strong><a name="nextupdate" class="item"><strong>-nextupdate</strong></a></strong></dt>
<dd>
<p>Output the nextUpdate field.</p>
</dd>
<dt><strong><a name="nameopt_option" class="item"><strong>-nameopt</strong> <em>option</em></a></strong></dt>
<dd>
<p>This specifies how the subject or issuer names are displayed.
See <em>openssl(1)/Name Format Options</em> for details.</p>
</dd>
<dt><strong><a name="cafile_file_no_cafile_capath_dir_no_capath_castore_uri_no_castore" class="item"><strong>-CAfile</strong> <em>file</em>, <strong>-no-CAfile</strong>, <strong>-CApath</strong> <em>dir</em>, <strong>-no-CApath</strong>,
<strong>-CAstore</strong> <em>uri</em>, <strong>-no-CAstore</strong></a></strong></dt>
<dd>
<p>See <em>openssl(1)/Trusted Certificate Options</em> for details.</p>
</dd>
</dl>
<p>
</p>
<hr />
<h1><a name="examples">EXAMPLES</a></h1>
<p>Convert a CRL file from PEM to DER:</p>
<pre>
openssl crl -in crl.pem -outform DER -out crl.der</pre>
<p>Output the text form of a DER encoded certificate:</p>
<pre>
openssl crl -in crl.der -inform DER -text -noout</pre>
<p>
</p>
<hr />
<h1><a name="bugs">BUGS</a></h1>
<p>Ideally it should be possible to create a CRL using appropriate options
and files too.</p>
<p>
</p>
<hr />
<h1><a name="see_also">SEE ALSO</a></h1>
<p><em>openssl(1)</em>,
<em>openssl-crl2pkcs7(1)</em>,
<em>openssl-ca(1)</em>,
<em>openssl-x509(1)</em>,
<em>ossl_store-file(7)</em></p>
<p>
</p>
<hr />
<h1><a name="copyright">COPYRIGHT</a></h1>
<p>Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.</p>
<p>Licensed under the Apache License 2.0 (the &quot;License&quot;). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
<a href="https://www.openssl.org/source/license.html">https://www.openssl.org/source/license.html</a>.</p>
</body>
</html>