crl2pkcs7.pod revision 100936
159191Skris=pod 259191Skris 359191Skris=head1 NAME 459191Skris 559191Skriscrl2pkcs7 - Create a PKCS#7 structure from a CRL and certificates. 659191Skris 759191Skris=head1 SYNOPSIS 859191Skris 9100936SnectarB<openssl> B<crl2pkcs7> 1059191Skris[B<-inform PEM|DER>] 1159191Skris[B<-outform PEM|DER>] 1259191Skris[B<-in filename>] 1359191Skris[B<-out filename>] 14100936Snectar[B<-certfile filename>] 15100936Snectar[B<-nocrl>] 1659191Skris 1759191Skris=head1 DESCRIPTION 1859191Skris 1959191SkrisThe B<crl2pkcs7> command takes an optional CRL and one or more 2059191Skriscertificates and converts them into a PKCS#7 degenerate "certificates 2159191Skrisonly" structure. 2259191Skris 2359191Skris=head1 COMMAND OPTIONS 2459191Skris 2559191Skris=over 4 2659191Skris 2759191Skris=item B<-inform DER|PEM> 2859191Skris 2959191SkrisThis specifies the CRL input format. B<DER> format is DER encoded CRL 3059191Skrisstructure.B<PEM> (the default) is a base64 encoded version of 3159191Skristhe DER form with header and footer lines. 3259191Skris 3359191Skris=item B<-outform DER|PEM> 3459191Skris 3559191SkrisThis specifies the PKCS#7 structure output format. B<DER> format is DER 3659191Skrisencoded PKCS#7 structure.B<PEM> (the default) is a base64 encoded version of 3759191Skristhe DER form with header and footer lines. 3859191Skris 3959191Skris=item B<-in filename> 4059191Skris 4159191SkrisThis specifies the input filename to read a CRL from or standard input if this 4259191Skrisoption is not specified. 4359191Skris 4459191Skris=item B<-out filename> 4559191Skris 4659191Skrisspecifies the output filename to write the PKCS#7 structure to or standard 4759191Skrisoutput by default. 4859191Skris 4959191Skris=item B<-certfile filename> 5059191Skris 5159191Skrisspecifies a filename containing one or more certificates in B<PEM> format. 5259191SkrisAll certificates in the file will be added to the PKCS#7 structure. This 5359191Skrisoption can be used more than once to read certificates form multiple 5459191Skrisfiles. 5559191Skris 5659191Skris=item B<-nocrl> 5759191Skris 5859191Skrisnormally a CRL is included in the output file. With this option no CRL is 5959191Skrisincluded in the output file and a CRL is not read from the input file. 6059191Skris 6159191Skris=back 6259191Skris 6359191Skris=head1 EXAMPLES 6459191Skris 6559191SkrisCreate a PKCS#7 structure from a certificate and CRL: 6659191Skris 6759191Skris openssl crl2pkcs7 -in crl.pem -certfile cert.pem -out p7.pem 6859191Skris 6959191SkrisCreates a PKCS#7 structure in DER format with no CRL from several 7059191Skrisdifferent certificates: 7159191Skris 7259191Skris openssl crl2pkcs7 -nocrl -certfile newcert.pem 7359191Skris -certfile demoCA/cacert.pem -outform DER -out p7.der 7459191Skris 7559191Skris=head1 NOTES 7659191Skris 7759191SkrisThe output file is a PKCS#7 signed data structure containing no signers and 7859191Skrisjust certificates and an optional CRL. 7959191Skris 8059191SkrisThis utility can be used to send certificates and CAs to Netscape as part of 8159191Skristhe certificate enrollment process. This involves sending the DER encoded output 8259191Skrisas MIME type application/x-x509-user-cert. 8359191Skris 8459191SkrisThe B<PEM> encoded form with the header and footer lines removed can be used to 8559191Skrisinstall user certificates and CAs in MSIE using the Xenroll control. 8659191Skris 8759191Skris=head1 SEE ALSO 8859191Skris 8959191SkrisL<pkcs7(1)|pkcs7(1)> 9059191Skris 9159191Skris=cut 92