You could start with the documentation that came with ssl. It is a collection of programs. Even "openssl" has many subprograms. You can use "openssl command --help" to get more detailed help.
Code:
openssl crl help
unknown option help
usage: crl args
-inform arg - input format - default PEM (DER or PEM)
-outform arg - output format - default PEM
-text - print out a text format version
-in arg - input file - default stdin
-out arg - output file - default stdout
-hash - print hash value
-fingerprint - print the crl fingerprint
-issuer - print issuer DN
-lastupdate - lastUpdate field
-nextupdate - nextUpdate field
-noout - no CRL output
-CAfile name - verify CRL using certificates in file "name"
-CApath dir - verify CRL using certificates in "dir"
-nameopt arg - various certificate name options
There is an O'Reilly book on OpenSSL.
Also, look at the manpages that come with the openssl package:
Code:
/usr/share/man/man1/ca.1ssl.gz
/usr/share/man/man1/crl.1ssl.gz
/usr/share/man/man1/crl2pkcs7.1ssl.gz
/usr/share/man/man1/dgst.1ssl.gz
/usr/share/man/man1/dhparam.1ssl.gz
/usr/share/man/man1/dsa.1ssl.gz
/usr/share/man/man1/dsaparam.1ssl.gz
/usr/share/man/man1/enc.1ssl.gz
/usr/share/man/man1/gendsa.1ssl.gz
/usr/share/man/man1/genrsa.1ssl.gz
/usr/share/man/man1/nseq.1ssl.gz
/usr/share/man/man1/openssl.1ssl.gz
/usr/share/man/man1/passwd.1ssl.gz
/usr/share/man/man1/pkcs12.1ssl.gz
/usr/share/man/man1/pkcs7.1ssl.gz
/usr/share/man/man1/pkcs8.1ssl.gz
/usr/share/man/man1/rand.1ssl.gz
/usr/share/man/man1/req.1ssl.gz
/usr/share/man/man1/rsa.1ssl.gz
/usr/share/man/man1/rsautl.1ssl.gz
/usr/share/man/man1/s_client.1ssl.gz
/usr/share/man/man1/s_server.1ssl.gz
/usr/share/man/man1/smime.1ssl.gz
/usr/share/man/man1/spkac.1ssl.gz
/usr/share/man/man1/verify.1ssl.gz
/usr/share/man/man1/version.1ssl.gz
/usr/share/man/man1/x509.1ssl.gz
/usr/share/man/man3/crypto.3ssl.gz
/usr/share/man/man3/dsa.3ssl.gz
/usr/share/man/man3/rand.3ssl.gz
/usr/share/man/man3/rsa.3ssl.gz
/usr/share/man/man3/ssl.3ssl.gz
/usr/share/man/man3/x509.3ssl.gz
/usr/share/man/man5/config.5ssl.gz
Many of the manpages include something I wish all manpages had; examples!
Code:
EXAMPLES
To remove the pass phrase on an RSA private key:
openssl rsa -in key.pem -out keyout.pem
To encrypt a private key using triple DES:
openssl rsa -in key.pem -des3 -out keyout.pem
To convert a private key from PEM to DER format:
openssl rsa -in key.pem -outform DER -out keyout.der
To print out the components of a private key to standard output:
openssl rsa -in key.pem -text -noout
To just output the public part of a private key:
openssl rsa -in key.pem -pubout -out pubkey.pem