openssl crl2pkcs7

Create a PKCS#7 structure from a CRL and certificates. 

openssl command


SYNOPSIS

openssl crl2pkcs7 [-help] [-inform PEM|DER] [-outform PEM|DER] [-in filename] [-out filename] [-print_certs] [-certfile filename] [-nocrl] [-provider name] [-provider-path path] [-propquery propq]


DESCRIPTION

The crl2pkcs7 command takes an optional CRL and one or more certificates and converts them into a PKCS#7 degenerate "certificates only" structure.

Options

-help 

Print out a usage message.

-inform DER|PEM 

The input format of the CRL; the default is PEM. See openssl-format-options for details.

-outform DER|PEM 

The output format of the CRL; the default is PEM. See openssl-format-options for details.

-in filename 

This specifies the input file name to read a CRL from or standard input if this option is not specified.

-out filename 

specifies the output file name to write the PKCS#7 structure to or standard output by default.

-certfile filename 

specifies a file name containing one or more certificates in PEM format. All certificates in the file will be added to the PKCS#7 structure. This option can be used more than once to read certificates form multiple files.

-nocrl 

normally a CRL is included in the output file. With this option no CRL is included in the output file and a CRL is not read from the input file.

-provider name 
-provider-path path 
-propquery propq 

See Provider Options in openssl for details.


EXAMPLES

Create a PKCS#7 structure from a certificate and CRL:

openssl crl2pkcs7 -in crl.pem -certfile cert.pem -out p7.pem

Creates a PKCS#7 structure in DER format with no CRL from several different certificates:

openssl crl2pkcs7 -nocrl -certfile newcert.pem 
	-certfile demoCA/cacert.pem -outform DER -out p7.der

NOTES

The output file is a PKCS#7 signed data structure containing no signers and just certificates and an optional CRL.

This utility can be used to send certificates and CAs to Netscape as part of the certificate enrollment process. This involves sending the DER encoded output as MIME type application/x-x509-user-cert.

The PEM encoded form with the header and footer lines removed can be used to install user certificates and CAs in MSIE using the Xenroll control.


COPYRIGHT

Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or here: OpenSSL.


AVAILABILITY

PTC MKS Toolkit for System Administrators
PTC MKS Toolkit for Developers
PTC MKS Toolkit for Interoperability
PTC MKS Toolkit for Professional Developers
PTC MKS Toolkit for Professional Developers 64-Bit Edition
PTC MKS Toolkit for Enterprise Developers
PTC MKS Toolkit for Enterprise Developers 64-Bit Edition


SEE ALSO

Commands:
openssl pkcs7


PTC MKS Toolkit 10.5 Documentation Build 40.