step crl inspect
step crl inspect -- print certificate revocation list (CRL) details in human-readable format
step crl inspect <file|url>
step crl inspect validates and prints the details of a certificate revocation list (CRL). A CRL is considered valid if its signature is valid, the CA is not expired, and the next update time is in the future.
The file or URL where the CRL is. If
--from is passed it will inspect
the certificate and extract the CRL distribution point from.
The output format for printing the introspection details.
format is a string and must be one of:
text: Print output in unstructured text suitable for a human to read. This is the default format.
json: Print output in JSON format.
pem: Print output in PEM format.
file used to validate the CRL.
--from Extract CRL and CA from the URL passed as argument.
Root certificate(s) that will be used to verify the
authenticity of the remote server.
roots is a case-sensitive string and may be one of:
file: Relative or full path to a file. All certificates in the file will be used for path validation.
list of files: Comma-separated list of relative or full file paths. Every PEM encoded certificate from each file will be used for path validation.
directory: Relative or full path to a directory. Every PEM encoded certificate from each file in the directory will be used for path validation.
Inspect a CRL:
$ step crl inspect --insecure http://ca.example.com/crls/exampleca.crl
Inspect and validate a CRL in a file:
$ step crl inspect --ca ca.crt exampleca.crl
Format the CRL in JSON:
$ step crl inspect --insecure --format json exampleca.crl
Inspect the CRL from the CRL distribution point of a given url:
$ step crl inspect --from https://www.google.com