crl2pkcs7

CRL2PKCS7(1SSL)                     OpenSSL                    CRL2PKCS7(1SSL)

NAME
       openssl-crl2pkcs7, crl2pkcs7 - Create a PKCS#7 structure from a CRL and
       certificates

SYNOPSIS
       openssl crl2pkcs7 [-help] [-inform PEM|DER] [-outform PEM|DER] [-in
       filename] [-out filename] [-certfile filename] [-nocrl]

DESCRIPTION
       The crl2pkcs7 command takes an optional CRL and one or more
       certificates and converts them into a PKCS#7 degenerate "certificates
       only" structure.

OPTIONS
       -help
           Print out a usage message.

       -inform DER|PEM
           This specifies the CRL input format. DER format is DER encoded CRL
           structure.PEM (the default) is a base64 encoded version of the DER
           form with header and footer lines. The default format is PEM.

       -outform DER|PEM
           This specifies the PKCS#7 structure output format. DER format is
           DER encoded PKCS#7 structure.PEM (the default) is a base64 encoded
           version of the DER form with header and footer lines. The default
           format is PEM.

       -in filename
           This specifies the input filename to read a CRL from or standard
           input if this option is not specified.

       -out filename
           Specifies the output filename to write the PKCS#7 structure to or
           standard output by default.

       -certfile filename
           Specifies a filename containing one or more certificates in PEM
           format.  All certificates in the file will be added to the PKCS#7
           structure. This option can be used more than once to read
           certificates form multiple files.

       -nocrl
           Normally a CRL is included in the output file. With this option no
           CRL is included in the output file and a CRL is not read from the
           input file.

EXAMPLES
       Create a PKCS#7 structure from a certificate and CRL:

        openssl crl2pkcs7 -in crl.pem -certfile cert.pem -out p7.pem

       Creates a PKCS#7 structure in DER format with no CRL from several
       different certificates:

        openssl crl2pkcs7 -nocrl -certfile newcert.pem
               -certfile demoCA/cacert.pem -outform DER -out p7.der

NOTES
       The output file is a PKCS#7 signed data structure containing no signers
       and just certificates and an optional CRL.

       This utility can be used to send certificates and CAs to Netscape as
       part of the certificate enrollment process. This involves sending the
       DER encoded output as MIME type application/x-x509-user-cert.

       The PEM encoded form with the header and footer lines removed can be
       used to install user certificates and CAs in MSIE using the Xenroll
       control.

SEE ALSO
       pkcs7(1)

COPYRIGHT
       Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.

       Licensed under the OpenSSL license (the "License").  You may not use
       this file except in compliance with the License.  You can obtain a copy
       in the file LICENSE in the source distribution or at
       <https://www.openssl.org/source/license.html>.

1.1.1f                            2023-10-10                   CRL2PKCS7(1SSL)
crl2pkcs7

Man Pages Copyright Respective Owners. Site Copyright (C) 1994 - 2024 Hurricane Electric. All Rights Reserved.
