Name

crl

Synopsis

The crl command is used to examine and verify the validity of certificate revocation lists. The command can be used to display the contents of a CRL in human-readable form. It can also be used to convert CRLs between DER and PEM formats.

Options

-in filename

Specify the name of the file containing a CRL to be examined or verified. If this option is omitted, stdin is used.

-inform DER|PEM

Specify the format of the CRL that will be examined or verified. Possible formats are DER or PEM. If this option is omitted, PEM is the default format.

-out filename

Specify the name of a file to which the command’s output will be written. If this option is omitted, stdout is used.

-outform DER|PEM

Specify the format of the CRL that will be written out by the command. If this option is omitted, the default is PEM.

-text

Cause a human-readable text representation of the CRL to be written to the output destination.

-noout

Suppress the output of the CRL in DER or PEM format. By default, the input CRL is also output, except when the CRL’s signature is being verified.

-hash

Cause a hash of the CRL’s issuer name to be written to the output destination. The hash is used to look up CRLs by issuer name in a directory where each CRL is stored under a filename consisting of the hash of the issuer’s name and the extension “.0”.

-issuer

Cause the CRL issuer’s name to be written to the output destination.

-lastupdate

Cause the CRL’s lastUpdate field to be written to the output destination.

-nextupdate

Cause the CRL’s nextUpdate field to be written to the output destination.

-fingerprint

Cause a fingerprint of the CRL to be written to the output destination. The fingerprint is a hash of the CRL computed using a message digest algorithm. By default, MD5 is used.

-CAfile filename

Verify the CRL’s signature using the certificate contained in the specified file.

-CApath directory

Verify the CRL’s signature using the certificates contained in the specified directory. Each certificate file in the directory should be named with the hash of the issuer’s name and an extension of “.0”.

Notes

When computing a fingerprint of a CRL, the default message digest is MD5. Any other message digest supported by OpenSSL can be used instead by giving its name as an option (for example, -sha1); the digest names are the same as those accepted by the dgst command.
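An end-to-end run of the command described above, as an added example that is not from the original page: it builds a throwaway CA from a constructed configuration, issues an empty CRL, then dumps, converts, fingerprints and verifies it. The configuration section names, file names and the choice of SHA-256 for the fingerprint are this example's own assumptions.

```shell
#!/bin/sh
# Added example, not from the original page: build a throwaway CA, issue an
# (empty) CRL with it, then exercise the crl command's options against it.
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
cd "$WORK"

# Minimal configuration for the ca command (constructed for this demo).
cat > ca.cnf <<'EOF'
[ ca ]
default_ca = demo_ca
[ demo_ca ]
database         = index.txt
crlnumber        = crlnumber
default_md       = sha256
default_crl_days = 7
[ req ]
distinguished_name = dn
prompt             = no
[ dn ]
CN = Demo CRL Issuer
EOF
touch index.txt
echo 01 > crlnumber
# Self-signed CA certificate and key, then a CRL signed with that key.
openssl req -x509 -new -newkey rsa:2048 -nodes -keyout ca.key -out ca.crt \
    -days 30 -config ca.cnf 2>/dev/null
openssl ca -config ca.cnf -gencrl -keyfile ca.key -cert ca.crt -out crl.pem 2>/dev/null

# Issuer, validity window and the issuer-name hash used for -CApath lookups.
crl_summary() { openssl crl -in "$1" -noout -issuer -lastupdate -nextupdate -hash; }

# Fingerprint with SHA-256; a -<digest> option overrides the MD5 default.
crl_fingerprint() {
    openssl crl -in "$1" -inform "$2" -noout -fingerprint -sha256 | cut -d= -f2
}
# Signature check against the issuing CA: the result is reported as a message,
# so look for "verify OK" rather than relying on the exit status alone.
crl_verify() { openssl crl -in "$1" -CAfile "$2" -noout 2>&1 | grep -q 'verify OK'; }

# PEM to DER conversion; either encoding yields the same fingerprint.
openssl crl -in crl.pem -outform DER -out crl.der

crl_summary crl.pem
openssl crl -in crl.pem -noout -text | head -n 12
echo "PEM fingerprint: $(crl_fingerprint crl.pem PEM)"
echo "DER fingerprint: $(crl_fingerprint crl.der DER)"
crl_verify crl.pem ca.crt && echo "CRL signature verified against ca.crt"
```

The CRL generated here revokes nothing, so the -text dump ends with “No Revoked Certificates.”; the structure, dates and signature check are what the run illustrates.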