How to Get the Total Revoked Items from a CRL

A customer I work with recently wanted to have a scriptable method to take any given CRL and determine the total number of revoked objects it contains. Luckily, certutil combined with your favorite findstr / grep / regex application can do this quite easily:

 

certutil.exe –dump <CRLFileName>| findstr "Entries"

 

The output will be a numerical count of the total number of revoked items. Note that this doesn't need to be run from a CA, nor does it have any dependencies on the issuer's chain.