crl2pkcs7.pod revision 59191 
159191Skris=pod
259191Skris
359191Skris=head1 NAME
459191Skris
559191Skriscrl2pkcs7 - Create a PKCS#7 structure from a CRL and certificates.
659191Skris
759191Skris=head1 SYNOPSIS
859191Skris
959191SkrisB<openssl> B<pkcs7>
1059191Skris[B<-inform PEM|DER>]
1159191Skris[B<-outform PEM|DER>]
1259191Skris[B<-in filename>]
1359191Skris[B<-out filename>]
1459191Skris[B<-print_certs>]
1559191Skris
1659191Skris=head1 DESCRIPTION
1759191Skris
1859191SkrisThe B<crl2pkcs7> command takes an optional CRL and one or more
1959191Skriscertificates and converts them into a PKCS#7 degenerate "certificates
2059191Skrisonly" structure.
2159191Skris
2259191Skris=head1 COMMAND OPTIONS
2359191Skris
2459191Skris=over 4
2559191Skris
2659191Skris=item B<-inform DER|PEM>
2759191Skris
2859191SkrisThis specifies the CRL input format. B<DER> format is DER encoded CRL
2959191Skrisstructure.B<PEM> (the default) is a base64 encoded version of
3059191Skristhe DER form with header and footer lines.
3159191Skris
3259191Skris=item B<-outform DER|PEM>
3359191Skris
3459191SkrisThis specifies the PKCS#7 structure output format. B<DER> format is DER
3559191Skrisencoded PKCS#7 structure.B<PEM> (the default) is a base64 encoded version of
3659191Skristhe DER form with header and footer lines.
3759191Skris
3859191Skris=item B<-in filename>
3959191Skris
4059191SkrisThis specifies the input filename to read a CRL from or standard input if this
4159191Skrisoption is not specified.
4259191Skris
4359191Skris=item B<-out filename>
4459191Skris
4559191Skrisspecifies the output filename to write the PKCS#7 structure to or standard
4659191Skrisoutput by default.
4759191Skris
4859191Skris=item B<-certfile filename>
4959191Skris
5059191Skrisspecifies a filename containing one or more certificates in B<PEM> format.
5159191SkrisAll certificates in the file will be added to the PKCS#7 structure. This
5259191Skrisoption can be used more than once to read certificates form multiple
5359191Skrisfiles.
5459191Skris
5559191Skris=item B<-nocrl>
5659191Skris
5759191Skrisnormally a CRL is included in the output file. With this option no CRL is
5859191Skrisincluded in the output file and a CRL is not read from the input file.
5959191Skris
6059191Skris=back
6159191Skris
6259191Skris=head1 EXAMPLES
6359191Skris
6459191SkrisCreate a PKCS#7 structure from a certificate and CRL:
6559191Skris
6659191Skris openssl crl2pkcs7 -in crl.pem -certfile cert.pem -out p7.pem
6759191Skris
6859191SkrisCreates a PKCS#7 structure in DER format with no CRL from several
6959191Skrisdifferent certificates:
7059191Skris
7159191Skris openssl crl2pkcs7 -nocrl -certfile newcert.pem 
7259191Skris	-certfile demoCA/cacert.pem -outform DER -out p7.der
7359191Skris
7459191Skris=head1 NOTES
7559191Skris
7659191SkrisThe output file is a PKCS#7 signed data structure containing no signers and
7759191Skrisjust certificates and an optional CRL.
7859191Skris
7959191SkrisThis utility can be used to send certificates and CAs to Netscape as part of
8059191Skristhe certificate enrollment process. This involves sending the DER encoded output
8159191Skrisas MIME type application/x-x509-user-cert.
8259191Skris
8359191SkrisThe B<PEM> encoded form with the header and footer lines removed can be used to
8459191Skrisinstall user certificates and CAs in MSIE using the Xenroll control.
8559191Skris
8659191Skris=head1 SEE ALSO
8759191Skris
8859191SkrisL<pkcs7(1)|pkcs7(1)>
8959191Skris
9059191Skris=cut
91