OpenSSL CRL Certificate Revocation List Utilities

From UNIX Systems Administration

Certificate Revocation List (CRL) Information

  • Extension(s) .crl, .pem
  • A Certificate Revocation List (CRL) is a cryptographically signed list of certificates that a certificate authority has declared to be revoked.
  • A CRL file may be encoded in PEM format, DER format, or possibly some other format.
  • A PEM-encoded CRL file is plain text, with base64-encoded payload data. It contains a line that reads "-----BEGIN X509 CRL-----".

CRL Commands

  1. View the contents of a PEM-formatted CRL file:
    1. # openssl crl -noout -text -in <crlfile-pem>.crl
  2. View the contents of a DER-formatted CRL file:
    1. # openssl crl -inform der -noout -text -in <crlfile-der>.crl
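
Added example (not part of the original page): a POSIX shell wrapper that picks `-inform` from the file's content instead of its extension, then views the CRL or checks its signature against the issuing CA certificate. The function names, the script name and the CA certificate argument are assumptions; the signature check goes beyond the two view commands above.

```shell
#!/bin/sh
# Added example: choose -inform from file content, not from the extension.

# crl_format FILE -> prints "pem" or "der"; returns 1 if neither is recognised.
crl_format() {
    # PEM: text file containing the CRL header line.
    if grep -q -e '-----BEGIN X509 CRL-----' "$1" 2>/dev/null; then
        echo pem
        return 0
    fi
    # DER: a CRL is an ASN.1 SEQUENCE, so the first byte is 0x30.
    first=$(od -An -tx1 -N1 "$1" 2>/dev/null | tr -d ' \t\n')
    if [ "$first" = "30" ]; then
        echo der
        return 0
    fi
    return 1
}

# crl_view FILE -> human-readable dump, as in the commands above.
crl_view() {
    fmt=$(crl_format "$1") || { echo "unrecognised CRL encoding: $1" >&2; return 1; }
    openssl crl -inform "$fmt" -noout -text -in "$1"
}

# crl_verify FILE CA_PEM -> succeeds only if the CRL signature checks out
# against the CA certificate. openssl reports the result as "verify OK",
# so match that message.
crl_verify() {
    fmt=$(crl_format "$1") || return 1
    openssl crl -inform "$fmt" -noout -CAfile "$2" -in "$1" 2>&1 |
        grep -q 'verify OK'
}

# Usage: sh crlcheck.sh FILE [CA_PEM]   (script name is hypothetical)
if [ "$#" -ge 1 ]; then
    crl_view "$1" || exit 1
    if [ "$#" -ge 2 ]; then
        crl_verify "$1" "$2" && echo "signature: OK" || echo "signature: NOT verified"
    fi
fi
```

The first-byte test is only a heuristic for DER; a file that passes it but is not a CRL is still rejected by `openssl crl` itself.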

Further Reading

  1. Certificate Revocation List
  2. OpenSSL CRL