一、简介
crl命令用于处里PME或DER格式的CRL文件
二、语法
openssl crl [-inform PEM|DER] [-outform PEM|DER] [-text] [-in filename] [-out filename] [-hash] [-fingerprint] [-issuer ] [-lastupdate ] [-nextupdate ] [-crlnumber] [-noout ] [-CAfile file ] [-CApath dir ] [-nameopt arg] [-verify]
选项
-inform arg - input format - default PEM (DER or PEM)
-outform arg - output format - default PEM
-text - print out a text format version
-in arg - input file - default stdin
-out arg - output file - default stdout
-hash - print hash value
-fingerprint - print the crl fingerprint
-issuer - print issuer DN
-lastupdate - lastUpdate field
-nextupdate - nextUpdate field
-crlnumber - print CRL number
-noout - no CRL output
-CAfile name - verify CRL using certificates in file "name"
-CApath dir - verify CRL using certificates in "dir"
-nameopt arg - various certificate name options
三、实例
1、验证CRL
openssl crl -in crl.crl -CAfile demoCA/cacert.pem -noout
2、PEM格式的CRL文件转换为DER格式
openssl crl -in crl.crl -outform DER -out crl.der
3、查看CRL信息
openssl crl -in crl.crl -text -issuer -hash -lastupdate -nextupdate
