CRL2PKCS7
Section: OpenSSL (1)
Updated: 2020-07-28
Page Index
NAME
openssl-crl2pkcs7, crl2pkcs7 - Create a PKCS#7 structure from a CRL and certificates
SYNOPSIS
openssl crl2pkcs7
[
-help]
[
-inform PEM|DER]
[
-outform PEM|DER]
[
-in filename]
[
-out filename]
[
-certfile filename]
[
-nocrl]
DESCRIPTION
The
crl2pkcs7 command takes an optional
CRL and one or more
certificates and converts them into a PKCS#7 degenerate ``certificates
only'' structure.
OPTIONS
- -help
-
Print out a usage message.
- -inform DER|PEM
-
This specifies the CRL input format. DER format is DER encoded CRL
structure.PEM (the default) is a base64 encoded version of
the DER form with header and footer lines. The default format is PEM.
- -outform DER|PEM
-
This specifies the PKCS#7 structure output format. DER format is DER
encoded PKCS#7 structure.PEM (the default) is a base64 encoded version of
the DER form with header and footer lines. The default format is PEM.
- -in filename
-
This specifies the input filename to read a CRL from or standard input if this
option is not specified.
- -out filename
-
Specifies the output filename to write the PKCS#7 structure to or standard
output by default.
- -certfile filename
-
Specifies a filename containing one or more certificates in PEM format.
All certificates in the file will be added to the PKCS#7 structure. This
option can be used more than once to read certificates form multiple
files.
- -nocrl
-
Normally a CRL is included in the output file. With this option no CRL is
included in the output file and a CRL is not read from the input file.
EXAMPLES
Create a PKCS#7 structure from a certificate and
CRL:
openssl crl2pkcs7 -in crl.pem -certfile cert.pem -out p7.pem
Creates a PKCS#7 structure in DER format with no CRL from several
different certificates:
openssl crl2pkcs7 -nocrl -certfile newcert.pem
-certfile demoCA/cacert.pem -outform DER -out p7.der
NOTES
The output file is a PKCS#7 signed data structure containing no signers and
just certificates and an optional
CRL.
This utility can be used to send certificates and CAs to Netscape as part of
the certificate enrollment process. This involves sending the DER encoded output
as MIME type application/x-x509-user-cert.
The PEM encoded form with the header and footer lines removed can be used to
install user certificates and CAs in MSIE using the Xenroll control.
SEE ALSO
pkcs7(1)
COPYRIGHT
Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the ``License''). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
<https://www.openssl.org/source/license.html>.