openssl-crl, crl - CRL utility
openssl crl [-help] [-inform PEM|DER] [-outform
  PEM|DER] [-text] [-in filename] [-out filename]
  [-nameopt option] [-noout] [-hash] [-issuer]
  [-lastupdate] [-nextupdate] [-CAfile file] [-CApath
  dir]
The crl command processes CRL files in DER or PEM format.
  - -help
- Print out a usage message.
- -inform DER|PEM
- This specifies the input format. DER format is DER encoded CRL
      structure. PEM (the default) is a base64 encoded version of the DER
      form with header and footer lines.
- -outform DER|PEM
- This specifies the output format, the options have the same meaning and
      default as the -inform option.
- -in filename
- This specifies the input filename to read from or standard input if this
      option is not specified.
- -out filename
- Specifies the output filename to write to or standard output by
    default.
- -text
- Print out the CRL in text form.
- -nameopt option
- Option which determines how the subject or issuer names are displayed. See
      the description of -nameopt in x509(1).
- -noout
- Don't output the encoded version of the CRL.
- -hash
- Output a hash of the issuer name. This can be use to lookup CRLs in a
      directory by issuer name.
- -hash_old
- Outputs the "hash" of the CRL issuer name using the older
      algorithm as used by OpenSSL before version 1.0.0.
- -issuer
- Output the issuer name.
- -lastupdate
- Output the lastUpdate field.
- -nextupdate
- Output the nextUpdate field.
- -CAfile file
- Verify the signature on a CRL by looking up the issuing certificate in
      file.
- -CApath dir
- Verify the signature on a CRL by looking up the issuing certificate in
      dir. This directory must be a standard certificate directory: that
      is a hash of each subject name (using x509 -hash) should be linked
      to each certificate.
The PEM CRL format uses the header and footer lines:
 -----BEGIN X509 CRL-----
 -----END X509 CRL-----
Convert a CRL file from PEM to DER:
 openssl crl -in crl.pem -outform DER -out crl.der
Output the text form of a DER encoded certificate:
 openssl crl -in crl.der -inform DER -text -noout
Ideally it should be possible to create a CRL using appropriate options and
  files too.
crl2pkcs7(1), ca(1), x509(1)
Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You
    may not use this file except in compliance with the License. You can obtain
    a copy in the file LICENSE in the source distribution or at
    <https://www.openssl.org/source/license.html>.