| CRL(1) | OpenSSL | CRL(1) |
| -inform DER|PEM | This specifies the input format. DER format is DER encoded CRL structure. PEM (the default) is a base64 encoded version of the DER form with header and footer lines. |
| -outform DER|PEM | This specifies the output format, the options have the same meaning as the -inform option. |
| -in filename | This specifies the input filename to read from or standard input if this option is not specified. |
| -out filename | specifies the output filename to write to or standard output by default. |
| -text | print out the CRL in text form. |
| -noout | don't output the encoded version of the CRL. |
| -hash | output a hash of the issuer name. This can be use to lookup CRLs in a directory by issuer name. |
| -issuer | output the issuer name. |
| -lastupdate | output the lastUpdate field. |
| -nextupdate | output the nextUpdate field. |
| -CAfile file | verify the signature on a CRL by looking up the issuing certificate in file |
| -CApath dir | verify the signature on a CRL by looking up the issuing certificate in dir. This directory must be a standard certificate directory: that is a hash of each subject name (using x509 -hash) should be linked to each certificate. |
-----BEGIN X509 CRL----- -----END X509 CRL-----
openssl crl -in crl.pem -outform DER -out crl.der
Output the text form of a DER encoded certificate:
openssl crl -in crl.der -text -noout
| July 20, 2009 | 1.0.1-dev |