]>
Commit | Line | Data |
---|---|---|
5e76807b DSH |
1 | =pod |
2 | ||
3 | =head1 NAME | |
4 | ||
b6b66573 | 5 | openssl-crl2pkcs7 - Create a PKCS#7 structure from a CRL and certificates |
5e76807b DSH |
6 | |
7 | =head1 SYNOPSIS | |
8 | ||
cd756209 | 9 | B<openssl> B<crl2pkcs7> |
169394d4 | 10 | [B<-help>] |
5e76807b DSH |
11 | [B<-inform PEM|DER>] |
12 | [B<-outform PEM|DER>] | |
13 | [B<-in filename>] | |
14 | [B<-out filename>] | |
cd756209 BM |
15 | [B<-certfile filename>] |
16 | [B<-nocrl>] | |
5e76807b DSH |
17 | |
18 | =head1 DESCRIPTION | |
19 | ||
20 | The B<crl2pkcs7> command takes an optional CRL and one or more | |
21 | certificates and converts them into a PKCS#7 degenerate "certificates | |
22 | only" structure. | |
23 | ||
3dfda1a6 | 24 | =head1 OPTIONS |
5e76807b DSH |
25 | |
26 | =over 4 | |
27 | ||
169394d4 MR |
28 | =item B<-help> |
29 | ||
30 | Print out a usage message. | |
31 | ||
5e76807b DSH |
32 | =item B<-inform DER|PEM> |
33 | ||
34 | This specifies the CRL input format. B<DER> format is DER encoded CRL | |
35 | structure.B<PEM> (the default) is a base64 encoded version of | |
7477c83e | 36 | the DER form with header and footer lines. The default format is PEM. |
5e76807b DSH |
37 | |
38 | =item B<-outform DER|PEM> | |
39 | ||
40 | This specifies the PKCS#7 structure output format. B<DER> format is DER | |
41 | encoded PKCS#7 structure.B<PEM> (the default) is a base64 encoded version of | |
7477c83e | 42 | the DER form with header and footer lines. The default format is PEM. |
5e76807b DSH |
43 | |
44 | =item B<-in filename> | |
45 | ||
46 | This specifies the input filename to read a CRL from or standard input if this | |
47 | option is not specified. | |
48 | ||
49 | =item B<-out filename> | |
50 | ||
c4de074e | 51 | Specifies the output filename to write the PKCS#7 structure to or standard |
5e76807b DSH |
52 | output by default. |
53 | ||
54 | =item B<-certfile filename> | |
55 | ||
c4de074e | 56 | Specifies a filename containing one or more certificates in B<PEM> format. |
5e76807b DSH |
57 | All certificates in the file will be added to the PKCS#7 structure. This |
58 | option can be used more than once to read certificates form multiple | |
59 | files. | |
60 | ||
61 | =item B<-nocrl> | |
62 | ||
c4de074e | 63 | Normally a CRL is included in the output file. With this option no CRL is |
5e76807b DSH |
64 | included in the output file and a CRL is not read from the input file. |
65 | ||
66 | =back | |
67 | ||
68 | =head1 EXAMPLES | |
69 | ||
70 | Create a PKCS#7 structure from a certificate and CRL: | |
71 | ||
72 | openssl crl2pkcs7 -in crl.pem -certfile cert.pem -out p7.pem | |
73 | ||
74 | Creates a PKCS#7 structure in DER format with no CRL from several | |
75 | different certificates: | |
76 | ||
1bc74519 RS |
77 | openssl crl2pkcs7 -nocrl -certfile newcert.pem |
78 | -certfile demoCA/cacert.pem -outform DER -out p7.der | |
5e76807b DSH |
79 | |
80 | =head1 NOTES | |
81 | ||
82 | The output file is a PKCS#7 signed data structure containing no signers and | |
83 | just certificates and an optional CRL. | |
84 | ||
85 | This utility can be used to send certificates and CAs to Netscape as part of | |
86 | the certificate enrollment process. This involves sending the DER encoded output | |
87 | as MIME type application/x-x509-user-cert. | |
88 | ||
89 | The B<PEM> encoded form with the header and footer lines removed can be used to | |
90 | install user certificates and CAs in MSIE using the Xenroll control. | |
91 | ||
92 | =head1 SEE ALSO | |
93 | ||
b6b66573 DMSP |
94 | L<openssl(1)>, |
95 | L<openssl-pkcs7(1)> | |
5e76807b | 96 | |
e2f92610 RS |
97 | =head1 COPYRIGHT |
98 | ||
b6b66573 | 99 | Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. |
e2f92610 | 100 | |
449040b4 | 101 | Licensed under the Apache License 2.0 (the "License"). You may not use |
e2f92610 RS |
102 | this file except in compliance with the License. You can obtain a copy |
103 | in the file LICENSE in the source distribution or at | |
104 | L<https://www.openssl.org/source/license.html>. | |
105 | ||
106 | =cut |