Chapter 11

Pretty Print CRL Tool

---

You can use the Pretty Print CRL tool to print the contents of a CRL stored as ASCII base-64-encoded data in a human-readable form.

The chapter has the following sections:

• "Location," on page 399
• "Syntax," on page 399
• "Example," on page 400

Location

The tool is located with the rest of the command-line tools in this directory: <server_root>/bin/cert/tools

Syntax

To run the Pretty Print CRL tool, type the following command:

PrettyPrintCrl[.bat] <input_file> [<output-file>]

.bat specifies the file extension; this is required only when running the utility on a Windows NT system.

<input_file> specifies the path to the file that contains the ASCII base-64 encoded CRL.

<output_file> specifies the path to the file to write the CRL. This argument is optional; if you don't specify an output file, the CRL information is written to the standard output.

Example

PrettyPrintCrl.bat C:\test\crl.in C:\test\crl.out

The above command takes the ASCII base-64 encoded CRL in the crl.in file and writes the CRL in the pretty-print form to the output file named crl.out.

The base-64 encoded CRL (content of the crl.in file) would look similar to this:

-----BEGIN CRL-----

MIIBkjCBAIBATANBgkqhkiG9w0BAQQFADAsMREwDwYDVQQKEwhOZXRzY2FwZTEXMBUG

A1UEAxMOQ2VydDQwIFRlc3QgQ0EXDTk4MTIxNzIyMzcyNFowgaowIAIBExcNOTgxMjE

1MTMxODMyWjAMMAoGA1UdFQQDCgEBMCACARIXDTk4MTINTEzMjA0MlowDDAKBgNVHRU

EAwoBAjAgAgERFw05ODEyMTYxMjUxNTRaMAwwCgYDVR0VBAMKAQEwIAIBEBcNOTgxMj

E3MTAzNzI0WjAMMAoGA1UdFQQDCgEDMCACAQoXDTk4MTEyNTEzMTExOFowDDAKBgNVH

RUEAwoBATANBgkqhkiG9w0BQQFAAOBgQBCN85O0GPTnHfImYPROvoorx7HyFz2ZsuKs

VblTcemsX0NL7DtOa+MyY0pPrkXgm157JrkxEJ7GBOeogbAS6iFbmeSqPHj8+

-----END CRL-----
 

The CRL in pretty-print form (content of the crl.out file) would look similar to this:

Certificate Revocation List:
 
	Data:
 
		Version:  v2
 
		Signature Algorithm: MD5withRSA - 1.2.840.113549.1.1.4
 
		Issuer: CN=Test CA,O=Example Corporation
 
		This Update: Thu Dec 17 14:37:24 PST 1998
 
		Revoked Certificates:
 
			Serial Number: 0x13

			Revocation Date: Tuesday, December 15, 1998 5:18:32 AM

			Extensions:

				Identifier: Revocation Reason - 2.5.29.21

				Critical: no

				Reason: Key_Compromise
 
			Serial Number: 0x12

			Revocation Date: Tuesday, December 15, 1998 5:20:42 AM

			Extensions:

				Identifier: Revocation Reason - 2.5.29.21

				Critical: no

				Reason: CA_Compromise
 
			Serial Number: 0x11

			Revocation Date: Wednesday, December 16, 1998 4:51:54 AM

			Extensions:

				Identifier: Revocation Reason - 2.5.29.21

				Critical: no

				Reason: Key_Compromise
 
			Serial Number: 0x10

			Revocation Date: Thursday, December 17, 1998 2:37:24 AM

			Extensions:

				Identifier: Revocation Reason - 2.5.29.21

				Critical: no

				Reason: Affiliation_Changed
 
			Serial Number: 0xA

			Revocation Date: Wednesday, November 25, 1998 5:11:18 AM

			Extensions:

				Identifier: Revocation Reason - 2.5.29.21

				Critical: no

				Reason: Key_Compromise
 
		Signature:

			Algorithm: MD5withRSA - 1.2.840.113549.1.1.4

			Signature:

				42:37:CE:4E:D0:63:D3:9C:77:C8:99:83:D1:3A:FA:28:

				AF:1E:C7:C8:5C:F6:66:CB:8A:B1:56:E5:4D:C7:A6:B1:

				7D:0D:2F:B0:ED:39:AF:8C:C9:8D:29:3E:B9:17:82:6D:

				79:EC:9A:E4:C4:42:7B:18:13:9E:A2:06:C0:4B:A8:85:

				6E:67:92:A8:F1:E3:F3:E2:41:1F:9B:2D:24:D9:DF:4C:

				2B:A1:68:CE:96:C7:AF:F7:5B:F7:3D:2F:06:57:39:74:

				CF:B2:FA:46:C6:AD:18:60:8D:3E:0C:F7:C1:66:52:37:

				CF:89:42:B0:D7:33:C4:95:7E:F4:D9:1E:32:B8:5E:12: