crl2pkcs7.pod revision 59191
159191Skris=pod 259191Skris 359191Skris=head1 NAME 459191Skris 559191Skriscrl2pkcs7 - Create a PKCS#7 structure from a CRL and certificates. 659191Skris 759191Skris=head1 SYNOPSIS 859191Skris 959191SkrisB<openssl> B<pkcs7> 1059191Skris[B<-inform PEM|DER>] 1159191Skris[B<-outform PEM|DER>] 1259191Skris[B<-in filename>] 1359191Skris[B<-out filename>] 1459191Skris[B<-print_certs>] 1559191Skris 1659191Skris=head1 DESCRIPTION 1759191Skris 1859191SkrisThe B<crl2pkcs7> command takes an optional CRL and one or more 1959191Skriscertificates and converts them into a PKCS#7 degenerate "certificates 2059191Skrisonly" structure. 2159191Skris 2259191Skris=head1 COMMAND OPTIONS 2359191Skris 2459191Skris=over 4 2559191Skris 2659191Skris=item B<-inform DER|PEM> 2759191Skris 2859191SkrisThis specifies the CRL input format. B<DER> format is DER encoded CRL 2959191Skrisstructure.B<PEM> (the default) is a base64 encoded version of 3059191Skristhe DER form with header and footer lines. 3159191Skris 3259191Skris=item B<-outform DER|PEM> 3359191Skris 3459191SkrisThis specifies the PKCS#7 structure output format. B<DER> format is DER 3559191Skrisencoded PKCS#7 structure.B<PEM> (the default) is a base64 encoded version of 3659191Skristhe DER form with header and footer lines. 3759191Skris 3859191Skris=item B<-in filename> 3959191Skris 4059191SkrisThis specifies the input filename to read a CRL from or standard input if this 4159191Skrisoption is not specified. 4259191Skris 4359191Skris=item B<-out filename> 4459191Skris 4559191Skrisspecifies the output filename to write the PKCS#7 structure to or standard 4659191Skrisoutput by default. 4759191Skris 4859191Skris=item B<-certfile filename> 4959191Skris 5059191Skrisspecifies a filename containing one or more certificates in B<PEM> format. 5159191SkrisAll certificates in the file will be added to the PKCS#7 structure. This 5259191Skrisoption can be used more than once to read certificates form multiple 5359191Skrisfiles. 5459191Skris 5559191Skris=item B<-nocrl> 5659191Skris 5759191Skrisnormally a CRL is included in the output file. With this option no CRL is 5859191Skrisincluded in the output file and a CRL is not read from the input file. 5959191Skris 6059191Skris=back 6159191Skris 6259191Skris=head1 EXAMPLES 6359191Skris 6459191SkrisCreate a PKCS#7 structure from a certificate and CRL: 6559191Skris 6659191Skris openssl crl2pkcs7 -in crl.pem -certfile cert.pem -out p7.pem 6759191Skris 6859191SkrisCreates a PKCS#7 structure in DER format with no CRL from several 6959191Skrisdifferent certificates: 7059191Skris 7159191Skris openssl crl2pkcs7 -nocrl -certfile newcert.pem 7259191Skris -certfile demoCA/cacert.pem -outform DER -out p7.der 7359191Skris 7459191Skris=head1 NOTES 7559191Skris 7659191SkrisThe output file is a PKCS#7 signed data structure containing no signers and 7759191Skrisjust certificates and an optional CRL. 7859191Skris 7959191SkrisThis utility can be used to send certificates and CAs to Netscape as part of 8059191Skristhe certificate enrollment process. This involves sending the DER encoded output 8159191Skrisas MIME type application/x-x509-user-cert. 8259191Skris 8359191SkrisThe B<PEM> encoded form with the header and footer lines removed can be used to 8459191Skrisinstall user certificates and CAs in MSIE using the Xenroll control. 8559191Skris 8659191Skris=head1 SEE ALSO 8759191Skris 8859191SkrisL<pkcs7(1)|pkcs7(1)> 8959191Skris 9059191Skris=cut 91