DOC HOME SITE MAP MAN PAGES GNU INFO SEARCH PRINT BOOK
 

/usr/man/cat.1/openssl-crl2pkcs7.1



CRL2PKCS7(1)                 OpenSSL                 CRL2PKCS7(1)

NAME

     openssl-crl2pkcs7, crl2pkcs7 - Create a PKCS#7 structure
     from a CRL and certificates.

SYNOPSIS

     openssl crl2pkcs7 [-inform PEM|DER] [-outform PEM|DER] [-in
     filename] [-out filename] [-certfile filename] [-nocrl]

DESCRIPTION

     The crl2pkcs7 command takes an optional CRL and one or more
     certificates and converts them into a PKCS#7 degenerate
     "certificates only" structure.

COMMAND OPTIONS

     -inform DER|PEM
         This specifies the CRL input format. DER format is DER
         encoded CRL structure.PEM (the default) is a base64
         encoded version of the DER form with header and footer
         lines.

     -outform DER|PEM
         This specifies the PKCS#7 structure output format. DER
         format is DER encoded PKCS#7 structure.PEM (the default)
         is a base64 encoded version of the DER form with header
         and footer lines.

     -in filename
         This specifies the input filename to read a CRL from or
         standard input if this option is not specified.

     -out filename
         specifies the output filename to write the PKCS#7
         structure to or standard output by default.

     -certfile filename
         specifies a filename containing one or more certificates
         in PEM format.  All certificates in the file will be
         added to the PKCS#7 structure. This option can be used
         more than once to read certificates form multiple files.

     -nocrl
         normally a CRL is included in the output file. With this
         option no CRL is included in the output file and a CRL
         is not read from the input file.

EXAMPLES

     Create a PKCS#7 structure from a certificate and CRL:

      openssl crl2pkcs7 -in crl.pem -certfile cert.pem -out p7.pem

     Creates a PKCS#7 structure in DER format with no CRL from
     several different certificates:

1.0.2t               Last change: 2019-09-10                    1

CRL2PKCS7(1)                 OpenSSL                 CRL2PKCS7(1)

      openssl crl2pkcs7 -nocrl -certfile newcert.pem
             -certfile demoCA/cacert.pem -outform DER -out p7.der

NOTES

     The output file is a PKCS#7 signed data structure containing
     no signers and just certificates and an optional CRL.

     This utility can be used to send certificates and CAs to
     Netscape as part of the certificate enrollment process. This
     involves sending the DER encoded output as MIME type
     application/x-x509-user-cert.

     The PEM encoded form with the header and footer lines
     removed can be used to install user certificates and CAs in
     MSIE using the Xenroll control.

SEE ALSO

     pkcs7(1)

1.0.2t               Last change: 2019-09-10                    2

See also crl2pkcs7(1)
Man(1) output converted with man2html