openssl-crl 命令

常用示例

说明

openssl crl processes Certificate Revocation Lists. CRLs list certificates that have been revoked before their expiration date. The command can display, convert, and verify CRL files.

参数

-in _file_

Input CRL.

-out _file_

Output file.

-inform _format_

Input format (PEM, DER).

-outform _format_

Output format.

-text

Print CRL in human-readable text form.

-noout

Do not output the encoded version of the CRL.

-verify

Verify the CRL signature. Implicitly enabled if -CApath, -CAfile, or -CAstore is specified.

-hash

Output a hash of the issuer name, used to look up CRLs in a directory by issuer name.

-fingerprint

Output the fingerprint of the CRL.

-issuer

Output the issuer name.

-lastupdate

Output the lastUpdate field.

-nextupdate

Output the nextUpdate field.

-crlnumber

Output the CRL number.

-nameopt _option_

Specify how subject or issuer names are displayed.

-CAfile _file_

CA certificate file for verification.

-CApath _dir_

Directory of CA certificates for verification.

-gendelta _file_

Output a comparison of the main CRL and the one specified.

-badsig

Corrupt the signature before writing; useful for testing.