Certificate Revocation List
From Just Solve the File Format Problem
A Certificate Revocation List (CRL) is a cryptographically-signed list of certificates that a certificate authority has declared to be revoked.
A CRL file may be encoded in PEM format, DER format, or possibly some other format.
CRL files are becoming less widely-used, in favor of the OCSP protocol.
Contents |
Identification
A PEM-encoded CRL file is plain text, with base64-encoded payload data. It contains a line that reads "-----BEGIN X509 CRL -----
".
Examples
To view the contents of a PEM-encoded CRL file, using OpenSSL:
openssl crl -noout -text -in example.crl
To view the contents of a DER-encoded CRL file:
openssl crl -inform DER -noout -text -in example.crl
Software
Sample files
Most SSL certificates contain a link to a CRL file (in the "CRL Distribution Points" extension"), so live CRL files are easy to find.