• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1=pod
2{- OpenSSL::safe::output_do_not_edit_headers(); -}
3
4=head1 NAME
5
6openssl-crl2pkcs7 - Create a PKCS#7 structure from a CRL and certificates
7
8=head1 SYNOPSIS
9
10B<openssl> B<crl2pkcs7>
11[B<-help>]
12[B<-inform> B<DER>|B<PEM>]
13[B<-outform> B<DER>|B<PEM>]
14[B<-in> I<filename>]
15[B<-out> I<filename>]
16[B<-certfile> I<filename>]
17[B<-nocrl>]
18{- $OpenSSL::safe::opt_provider_synopsis -}
19
20=head1 DESCRIPTION
21
22This command takes an optional CRL and one or more
23certificates and converts them into a PKCS#7 degenerate "certificates
24only" structure.
25
26=head1 OPTIONS
27
28=over 4
29
30=item B<-help>
31
32Print out a usage message.
33
34=item B<-inform> B<DER>|B<PEM>
35
36The input format of the CRL; the default is B<PEM>.
37See L<openssl-format-options(1)> for details.
38
39=item B<-outform> B<DER>|B<PEM>
40
41The output format of the PKCS#7 object; the default is B<PEM>.
42See L<openssl-format-options(1)> for details.
43
44=item B<-in> I<filename>
45
46This specifies the input filename to read a CRL from or standard input if this
47option is not specified.
48
49=item B<-out> I<filename>
50
51Specifies the output filename to write the PKCS#7 structure to or standard
52output by default.
53
54=item B<-certfile> I<filename>
55
56Specifies a filename containing one or more certificates in B<PEM> format.
57All certificates in the file will be added to the PKCS#7 structure. This
58option can be used more than once to read certificates from multiple
59files.
60
61=item B<-nocrl>
62
63Normally a CRL is included in the output file. With this option no CRL is
64included in the output file and a CRL is not read from the input file.
65
66{- $OpenSSL::safe::opt_provider_item -}
67
68=back
69
70=head1 EXAMPLES
71
72Create a PKCS#7 structure from a certificate and CRL:
73
74 openssl crl2pkcs7 -in crl.pem -certfile cert.pem -out p7.pem
75
76Creates a PKCS#7 structure in DER format with no CRL from several
77different certificates:
78
79 openssl crl2pkcs7 -nocrl -certfile newcert.pem
80        -certfile demoCA/cacert.pem -outform DER -out p7.der
81
82=head1 NOTES
83
84The output file is a PKCS#7 signed data structure containing no signers and
85just certificates and an optional CRL.
86
87This command can be used to send certificates and CAs to Netscape as part of
88the certificate enrollment process. This involves sending the DER encoded output
89as MIME type application/x-x509-user-cert.
90
91The B<PEM> encoded form with the header and footer lines removed can be used to
92install user certificates and CAs in MSIE using the Xenroll control.
93
94=head1 SEE ALSO
95
96L<openssl(1)>,
97L<openssl-pkcs7(1)>
98
99=head1 COPYRIGHT
100
101Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
102
103Licensed under the Apache License 2.0 (the "License").  You may not use
104this file except in compliance with the License.  You can obtain a copy
105in the file LICENSE in the source distribution or at
106L<https://www.openssl.org/source/license.html>.
107
108=cut
109