Certificate Revocation List

From Just Solve the File Format Problem
(Difference between revisions)
(Created page with "{{FormatInfo |formattype=electronic |subcat=Security |extensions={{ext|crl}}, {{ext|pem}} }} A '''Certificate Revocation List''' ('''CRL''') is a cryptographically-signed list...")
 
m (Software)
 
(3 intermediate revisions by one user not shown)
Line 7: Line 7:
  
 
A CRL file may be encoded in [[PEM]] format, [[DER]] format, or possibly some other format.
 
A CRL file may be encoded in [[PEM]] format, [[DER]] format, or possibly some other format.
 +
 +
CRL files are becoming less widely-used, in favor of the OCSP protocol.
  
 
== Identification ==
 
== Identification ==
A PEM-encoded CRL file is plain text, with [[base64]]-encoded payload data. It contains a line that reads "<code>-----BEGIN X509 CRL -----</code>".
+
A PEM-encoded CRL file is plain text, with [[base64]]-encoded payload data. It contains a line that reads "<code>-----BEGIN X509 CRL-----</code>".
  
 
== Examples ==
 
== Examples ==
 
To view the contents of a PEM-encoded CRL file, using OpenSSL:
 
To view the contents of a PEM-encoded CRL file, using OpenSSL:
 
   openssl crl -noout -text -in example.crl
 
   openssl crl -noout -text -in example.crl
 +
 +
To view the contents of a DER-encoded CRL file:
 +
  openssl crl -inform DER -noout -text -in example.crl
  
 
== Software ==
 
== Software ==
* [http://www.openssl.org/ OpenSSL]
+
* [[OpenSSL]]
 +
 
 +
== Sample files ==
 +
Most SSL certificates contain a link to a CRL file (in the "CRL Distribution Points" extension), so live CRL files are easy to find.
 +
* [http://gtssldv-crl.geotrust.com/crls/gtssldv.crl gtssldv.crl]
 +
* [http://crl.thawte.com/ThawteEVCA2006.crl ThawteEVCA2006.crl]
 +
* [http://EVSecure-crl.verisign.com/EVSecure2006.crl EVSecure2006.crl]
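
Review bot: the Identification section still explains only how to recognise a PEM-encoded file, although this revision adds a DER viewing command ("openssl crl -inform DER -noout -text -in example.crl") and the page lists DER as an encoding. A sentence on how a DER-encoded CRL is identified would close that gap. The added claim "CRL files are becoming less widely-used, in favor of the OCSP protocol" is also unsourced; a reference would help, and "widely-used" should be "widely used".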

Latest revision as of 22:16, 2 February 2016

File Format
Name Certificate Revocation List
Ontology
Extension(s) .crl, .pem

A Certificate Revocation List (CRL) is a cryptographically signed list of certificates that a certificate authority has declared to be revoked.

A CRL file may be encoded in PEM format, DER format, or possibly some other format.

CRL files are becoming less widely used, in favor of the OCSP protocol.

Identification

A PEM-encoded CRL file is plain text, with base64-encoded payload data. It contains a line that reads "-----BEGIN X509 CRL-----".

Examples

To view the contents of a PEM-encoded CRL file, using OpenSSL:

 openssl crl -noout -text -in example.crl

To view the contents of a DER-encoded CRL file:

 openssl crl -inform DER -noout -text -in example.crl
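
The identification rule and the two OpenSSL invocations above, combined into one check; this is an added example, not code from the wiki page. It assumes a DER-encoded CRL is a single ASN.1 SEQUENCE (first byte 0x30) that fills the whole file, checks structure only (no signature verification), and uses constructed sample bytes; the function names are hypothetical.

```python
import base64
import re

# PEM armor for a CRL, exactly as the Identification section gives it.
PEM_RE = re.compile(
    rb"-----BEGIN X509 CRL-----\r?\n(.*?)\r?\n-----END X509 CRL-----", re.DOTALL)

def der_length_ok(der: bytes) -> bool:
    """True if `der` is one ASN.1 SEQUENCE whose length field spans all of it."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    first = der[1]
    if first < 0x80:                      # short form: length held in one byte
        return len(der) == 2 + first
    n = first & 0x7F                      # long form: next n bytes hold the length
    if n == 0 or n > 4 or len(der) < 2 + n:
        return False
    return len(der) == 2 + n + int.from_bytes(der[2:2 + n], "big")

def identify_crl(data: bytes):
    """Return (encoding, der_bytes); encoding is 'PEM', 'DER' or None."""
    m = PEM_RE.search(data)
    if m:
        try:
            der = base64.b64decode(b"".join(m.group(1).split()), validate=True)
        except ValueError:                # bad base64 alphabet or padding
            return None, b""
        return ("PEM", der) if der_length_ok(der) else (None, b"")
    return ("DER", data) if der_length_ok(data) else (None, b"")

def openssl_args(path: str, encoding: str):
    """Build the viewing command from the Examples section for this encoding."""
    args = ["openssl", "crl"]
    if encoding == "DER":
        args += ["-inform", "DER"]
    return args + ["-noout", "-text", "-in", path]

# Constructed sample: SEQUENCE { INTEGER 1 }. It has the outer shape only and
# is not a real, signed CRL.
SAMPLE_DER = bytes.fromhex("3003020101")
SAMPLE_PEM = (b"-----BEGIN X509 CRL-----\r\n" + base64.b64encode(SAMPLE_DER)
              + b"\r\n-----END X509 CRL-----\r\n")

if __name__ == "__main__":
    for blob in (SAMPLE_PEM, SAMPLE_DER):
        print(" ".join(openssl_args("example.crl", identify_crl(blob)[0])))
```

A marker with a stray space, such as "-----BEGIN X509 CRL -----", is not accepted as PEM by this check.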

Software

* OpenSSL

Sample files

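Most SSL certificates contain a link to a CRL file (in the "CRL Distribution Points" extension), so live CRL files are easy to find.

* gtssldv.crl: http://gtssldv-crl.geotrust.com/crls/gtssldv.crl
* ThawteEVCA2006.crl: http://crl.thawte.com/ThawteEVCA2006.crl
* EVSecure2006.crl: http://EVSecure-crl.verisign.com/EVSecure2006.crl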
