159191Skris=pod
259191Skris
359191Skris=head1 NAME
459191Skris
559191Skriscrl2pkcs7 - Create a PKCS#7 structure from a CRL and certificates.
659191Skris
759191Skris=head1 SYNOPSIS
859191Skris
9100936SnectarB<openssl> B<crl2pkcs7>
1059191Skris[B<-inform PEM|DER>]
1159191Skris[B<-outform PEM|DER>]
1259191Skris[B<-in filename>]
1359191Skris[B<-out filename>]
14100936Snectar[B<-certfile filename>]
15100936Snectar[B<-nocrl>]
1659191Skris
1759191Skris=head1 DESCRIPTION
1859191Skris
1959191SkrisThe B<crl2pkcs7> command takes an optional CRL and one or more
2059191Skriscertificates and converts them into a PKCS#7 degenerate "certificates
2159191Skrisonly" structure.
2259191Skris
2359191Skris=head1 COMMAND OPTIONS
2459191Skris
2559191Skris=over 4
2659191Skris
2759191Skris=item B<-inform DER|PEM>
2859191Skris
2959191SkrisThis specifies the CRL input format. B<DER> format is DER encoded CRL
3059191Skrisstructure.B<PEM> (the default) is a base64 encoded version of
3159191Skristhe DER form with header and footer lines.
3259191Skris
3359191Skris=item B<-outform DER|PEM>
3459191Skris
3559191SkrisThis specifies the PKCS#7 structure output format. B<DER> format is DER
3659191Skrisencoded PKCS#7 structure.B<PEM> (the default) is a base64 encoded version of
3759191Skristhe DER form with header and footer lines.
3859191Skris
3959191Skris=item B<-in filename>
4059191Skris
4159191SkrisThis specifies the input filename to read a CRL from or standard input if this
4259191Skrisoption is not specified.
4359191Skris
4459191Skris=item B<-out filename>
4559191Skris
4659191Skrisspecifies the output filename to write the PKCS#7 structure to or standard
4759191Skrisoutput by default.
4859191Skris
4959191Skris=item B<-certfile filename>
5059191Skris
5159191Skrisspecifies a filename containing one or more certificates in B<PEM> format.
5259191SkrisAll certificates in the file will be added to the PKCS#7 structure. This
5359191Skrisoption can be used more than once to read certificates form multiple
5459191Skrisfiles.
5559191Skris
5659191Skris=item B<-nocrl>
5759191Skris
5859191Skrisnormally a CRL is included in the output file. With this option no CRL is
5959191Skrisincluded in the output file and a CRL is not read from the input file.
6059191Skris
6159191Skris=back
6259191Skris
6359191Skris=head1 EXAMPLES
6459191Skris
6559191SkrisCreate a PKCS#7 structure from a certificate and CRL:
6659191Skris
6759191Skris openssl crl2pkcs7 -in crl.pem -certfile cert.pem -out p7.pem
6859191Skris
6959191SkrisCreates a PKCS#7 structure in DER format with no CRL from several
7059191Skrisdifferent certificates:
7159191Skris
7259191Skris openssl crl2pkcs7 -nocrl -certfile newcert.pem 
7359191Skris	-certfile demoCA/cacert.pem -outform DER -out p7.der
7459191Skris
7559191Skris=head1 NOTES
7659191Skris
7759191SkrisThe output file is a PKCS#7 signed data structure containing no signers and
7859191Skrisjust certificates and an optional CRL.
7959191Skris
8059191SkrisThis utility can be used to send certificates and CAs to Netscape as part of
8159191Skristhe certificate enrollment process. This involves sending the DER encoded output
8259191Skrisas MIME type application/x-x509-user-cert.
8359191Skris
8459191SkrisThe B<PEM> encoded form with the header and footer lines removed can be used to
8559191Skrisinstall user certificates and CAs in MSIE using the Xenroll control.
8659191Skris
8759191Skris=head1 SEE ALSO
8859191Skris
8959191SkrisL<pkcs7(1)|pkcs7(1)>
9059191Skris
9159191Skris=cut
92