一、简介
crl命令用于处里PME或DER格式的CRL文件
二、语法
openssl crl [-inform PEM|DER] [-outform PEM|DER] [-text] [-in filename] [-out filename] [-hash] [-fingerprint] [-issuer ] [-lastupdate ] [-nextupdate ] [-crlnumber] [-noout ] [-CAfile file ] [-CApath dir ] [-nameopt arg] [-verify]
选项
-inform arg - input format - default PEM (DER or PEM) -outform arg - output format - default PEM -text - print out a text format version -in arg - input file - default stdin -out arg - output file - default stdout -hash - print hash value -fingerprint - print the crl fingerprint -issuer - print issuer DN -lastupdate - lastUpdate field -nextupdate - nextUpdate field -crlnumber - print CRL number -noout - no CRL output -CAfile name - verify CRL using certificates in file "name" -CApath dir - verify CRL using certificates in "dir" -nameopt arg - various certificate name options
三、实例
1、验证CRL
openssl crl -in crl.crl -CAfile demoCA/cacert.pem -noout
2、PEM格式的CRL文件转换为DER格式
openssl crl -in crl.crl -outform DER -out crl.der
3、查看CRL信息
openssl crl -in crl.crl -text -issuer -hash -lastupdate -nextupdate