Parsing A CRL With OpenSSL
January
10th,
2010
Short and sweet. This command will parse and give you a list of revoked serial numbers:
openssl crl -inform DER -text -noout -in mycrl.crl
Most CRLs are DER encoded, but you can use -inform PEM if your CRL is not binary. If you’re unsure if it is DER or PEM open it with a text editor. If you see —–BEGIN X509 CRL—– then it’s PEM and if you see strange binary-looking garbage characters it’s DER.