← 返回命令列表

Linux command

crl.1s 命令

文本

复制后可按需替换文件名、目录或参数。

常用示例

Display CRL information

openssl crl -in [crl.pem] -text -noout

Convert CRL from PEM

openssl crl -in [crl.pem] -outform DER -out [crl.der]

Convert CRL from DER

openssl crl -in [crl.der] -inform DER -out [crl.pem]

Verify CRL signature

openssl crl -in [crl.pem] -CAfile [ca.pem] -verify

Print the issuer

openssl crl -in [crl.pem] -issuer -noout

Print the last and next update

openssl crl -in [crl.pem] -lastupdate -nextupdate -noout

说明

openssl crl is the OpenSSL command for processing Certificate Revocation Lists (CRLs). CRLs are lists of digital certificates that have been revoked by the issuing Certificate Authority before their scheduled expiration date. The command can parse, convert, and verify CRLs. It supports both PEM (Base64-encoded) and DER (binary) formats. CRL verification ensures the list was signed by the claimed CA and hasn't been tampered with. CRLs are essential for PKI (Public Key Infrastructure) security, allowing systems to check whether a certificate has been revoked. The command provides detailed information about revoked certificates, revocation dates, and CRL validity periods.

参数

-in _FILE_
Input CRL file to process.
-out _FILE_
Output file for the converted CRL.
-inform _FORMAT_
Input format: PEM or DER.
-outform _FORMAT_
Output format: PEM or DER.
-text
Print CRL in human-readable text format.
-noout
Don't output the encoded CRL.
-verify
Verify the signature on the CRL.
-CAfile _FILE_
CA certificate file for verification.
-issuer
Print the issuer name.
-lastupdate
Print the last update time.
-nextupdate
Print the next update time.
-hash
Print the hash of the CRL issuer name.

FAQ

What is the crl.1s command used for?

openssl crl is the OpenSSL command for processing Certificate Revocation Lists (CRLs). CRLs are lists of digital certificates that have been revoked by the issuing Certificate Authority before their scheduled expiration date. The command can parse, convert, and verify CRLs. It supports both PEM (Base64-encoded) and DER (binary) formats. CRL verification ensures the list was signed by the claimed CA and hasn't been tampered with. CRLs are essential for PKI (Public Key Infrastructure) security, allowing systems to check whether a certificate has been revoked. The command provides detailed information about revoked certificates, revocation dates, and CRL validity periods.

How do I run a basic crl.1s example?

Run `openssl crl -in [crl.pem] -text -noout` in a terminal, then adjust file names, paths, flags, or remote targets for your system.

What does -in _FILE_ do in crl.1s?

Input CRL file to process.