CRL2PKCS7 1 2002-07-30 0.9.9-dev OpenSSL
NAME
crl2pkcs7 - Create a PKCS#7 structure from a CRL and certificates.
LIBRARY
libcrypto, -lcrypto
SYNOPSIS
ooppeennssssll ccrrll22ppkkccss77
[--iinnffoorrmm PPEEMM||DDEERR]
[--oouuttffoorrmm PPEEMM||DDEERR]
[--iinn ffiilleennaammee]
[--oouutt ffiilleennaammee]
[--cceerrttffiillee ffiilleennaammee]
[--nnooccrrll]
DESCRIPTION
The ccrrll22ppkkccss77 command takes an optional CRL and one or more
certificates and converts them into a PKCS#7 degenerate "certificates
only" structure.
COMMAND OPTIONS
-
--iinnffoorrmm DDEERR||PPEEMM
This specifies the CRL input format. DDEERR format is DER encoded CRL
-
structure.PPEEMM (the default) is a base64 encoded version of
the DER form with header and footer lines.
-
--oouuttffoorrmm DDEERR||PPEEMM
This specifies the PKCS#7 structure output format. DDEERR format is DER
-
encoded PKCS#7 structure.PPEEMM (the default) is a base64 encoded version of
the DER form with header and footer lines.
-
--iinn ffiilleennaammee
This specifies the input filename to read a CRL from or standard input if this
-
option is not specified.
-
--oouutt ffiilleennaammee
specifies the output filename to write the PKCS#7 structure to or standard
-
output by default.
-
--cceerrttffiillee ffiilleennaammee
specifies a filename containing one or more certificates in PPEEMM format.
-
All certificates in the file will be added to the PKCS#7 structure. This
option can be used more than once to read certificates form multiple
files.
-
--nnooccrrll
normally a CRL is included in the output file. With this option no CRL is
-
included in the output file and a CRL is not read from the input file.
EXAMPLES
Create a PKCS#7 structure from a certificate and CRL:
openssl crl2pkcs7 -in crl.pem -certfile cert.pem -out p7.pem
Creates a PKCS#7 structure in DER format with no CRL from several
different certificates:
openssl crl2pkcs7 -nocrl -certfile newcert.pem
-certfile demoCA/cacert.pem -outform DER -out p7.der
NOTES
The output file is a PKCS#7 signed data structure containing no signers and
just certificates and an optional CRL.
This utility can be used to send certificates and CAs to Netscape as part of
the certificate enrollment process. This involves sending the DER encoded output
as MIME type application/x-x509-user-cert.
The PPEEMM encoded form with the header and footer lines removed can be used to
install user certificates and CAs in MSIE using the Xenroll control.
SEE ALSO
_o_p_e_n_s_s_l___p_k_c_s_7(1)