Menu
Products
Open Source
- Configure popular ACME clients to use a private CA
- Use Kubernetes cert-manager with
step-ca - Issue X.509 host certificates to cloud VMs
- Issue X.509 user certificates via your identity provider
- Create a CA that uses RSA keys
- Import an existing root or intermediate CA into
step-ca - Use Keycloak to issue SSH certificates with step-ca
- Run an SSH CA and connect to VMs using SSH certificates
- Use AWS to deploy a certificate authority and secure microservices
- Run
step-cain a Docker container - Federate multiple autonomous certificate authorities
Products
Open Source
- Configure popular ACME clients to use a private CA
- Use Kubernetes cert-manager with
step-ca - Issue X.509 host certificates to cloud VMs
- Issue X.509 user certificates via your identity provider
- Create a CA that uses RSA keys
- Import an existing root or intermediate CA into
step-ca - Use Keycloak to issue SSH certificates with step-ca
- Run an SSH CA and connect to VMs using SSH certificates
- Use AWS to deploy a certificate authority and secure microservices
- Run
step-cain a Docker container - Federate multiple autonomous certificate authorities
step crl inspect
Name
step crl inspect -- print certificate revocation list (CRL) details in human-readable format
Usage
step crl inspect <file|url>
Description
step crl inspect validates and prints the details of a certificate revocation list (CRL). A CRL is considered valid if its signature is valid, the CA is not expired, and the next update time is in the future.
Positional arguments
file|url
The file or URL where the CRL is. If --from is passed it will inspect
the certificate and extract the CRL distribution point from.
Options
--format=format
The output format for printing the introspection details.
format is a string and must be one of:
text: Print output in unstructured text suitable for a human to read. This is the default format.
json: Print output in JSON format.
pem: Print output in PEM format.
--ca=file
The certificate file used to validate the CRL.
--from Extract CRL and CA from the URL passed as argument.
--roots=roots
Root certificate(s) that will be used to verify the
authenticity of the remote server.
roots is a case-sensitive string and may be one of:
file: Relative or full path to a file. All certificates in the file will be used for path validation.
list of files: Comma-separated list of relative or full file paths. Every PEM encoded certificate from each file will be used for path validation.
directory: Relative or full path to a directory. Every PEM encoded certificate from each file in the directory will be used for path validation.
--insecure
Examples
Inspect a CRL:
$ step crl inspect --insecure http://ca.example.com/crls/exampleca.crl
Inspect and validate a CRL in a file:
$ step crl inspect --ca ca.crt exampleca.crl
Format the CRL in JSON:
$ step crl inspect --insecure --format json exampleca.crl
Inspect the CRL from the CRL distribution point of a given url:
$ step crl inspect --from https://www.google.com
Subscribe to updates
Unsubscribe anytime. See our privacy policy.
© 2023 Smallstep Labs, Inc. All rights reserved.