How to check expiration date of crl file

Question

I have a problem with certificate revocation list for ssl certificates.

How can I check expiration date of a crl file ? How can I validate a crl file ?

Meanwhile I found solution:RTFM man keytool -printcrl -file crl_ {-v} Reads the certificate revocation list (CRL) from the file crl_file. A Certificate Revocation List (CRL) is a list of digital certificates which have been revoked by the Certificate Authority (CA) that issued them. The CA generates crl_file. — bastiat, Jan 07 '14 at 13:34

score 22 · Accepted Answer · edited Feb 22 '17 at 19:52

22

Use the crl command from OpenSSL:

openssl crl -in file.crl -text

For more information see the documentation.

edited Feb 22 '17 at 19:52

David Ravetti

answered Jan 04 '14 at 08:59

Steffen Ullrich

1

If I had more upvotes to give, I would. – user208145 Dec 28 '17 at 04:24
1

If you're dealing with huge CRLs, do yourself a favor and run this with `| less`, because output will be *long*. – ave Dec 20 '20 at 19:38
1

Tip: If your CRL file is actually in `.pem` (you can also check the contents of the file, if it says `BEGIN X509 CRL` then it's PEM). Then you should also pass the flag `-inform PEM`, otherwise you will get an error. – greduan Apr 04 '22 at 11:39

1 Answers1