DESCRIPTIONThe crl command processes CRL files in DER or PEM format. COMMAND OPTIONS
-inform DER|PEM This specifies the input format. DER format is DER encoded
CRL structure. PEM (the default) is a base64 encoded version of
the DER form with header and footer lines.
-outform DER|PEM This specifies the output format, the options have the same
meaning as the -inform option.
-in filename This specifies the input filename to read from or standard
input if this option is not specified.
-out filename specifies the output filename to write to or standard output
by default.
-text print out the CRL in text form.
-noout don't output the encoded version of the CRL.
-hash output a hash of the issuer name. This can be use to lookup
CRLs in a directory by issuer name.
-issuer output the issuer name.
-lastupdate output the lastUpdate field.
-nextupdate output the nextUpdate field.
-CAfile file verify the signature on a CRL by looking up the issuing certificate
in file
-CApath dir verify the signature on a CRL by looking up the issuing certificate
in dir. This directory must be a standard certificate directory:
that is a hash of each subject name (using x509 -hash) should be
linked to each certificate.
NOTESThe PEM CRL format uses the header and footer lines:
-----BEGIN X509 CRL-----
-----END X509 CRL-----
EXAMPLESConvert a CRL file from PEM to DER:
openssl crl -in crl.pem -outform DER -out crl.der
Output the text form of a DER encoded certificate:
openssl crl -in crl.der -text -noout
RestrictionsIdeally it should be possible to create a CRL using appropriate
options and files too. SEE ALSOcrl2pkcs7(1), ca(1) , x509(1)
HP Open Source Security for OpenVMS Volume 2:... 
OpenSSL Command Line Interface (CLI) Reference
