crl2pkcs7
» Table of Contents |  | | » Index | | |
| | |
| ||
| ||
Synopsis
openssl crl2pkcs7 [-inform PEM|DER] [-outform PEM|DER] [-in filename] [-out filename] [-certfile filename] [-nocrl]DESCRIPTION
The crl2pkcs7 command takes an optional CRL and one or more certificates and converts them into a PKCS#7 degenerate "certificates only" structure.
COMMAND OPTIONS
-inform DER|PEM
This specifies the CRL input format. DER format is DER encoded CRL structure.PEM (the default) is a base64 encoded version of the DER form with header and footer lines.
-outform DER|PEM
This specifies the PKCS#7 structure output format. DER format is DER encoded PKCS#7 structure. PEM (the default) is a base64 encoded version of the DER form with header and footer lines.
-in filename
This specifies the input filename to read a CRL from or standard input if this option is not specified.
-out filename
specifies the output filename to write the PKCS#7 structure to or standard output by default.
-certfile filename
specifies a filename containing one or more certificates in PEM format. All certificates in the file will be added to the PKCS#7 structure. This option can be used more than once to read certificates form multiple files.
-nocrl
normally a CRL is included in the output file. With this option no CRL is included in the output file and a CRL is not read from the input file.
EXAMPLES
Create a PKCS#7 structure from a certificate and CRL:
|
|
|
Creates a PKCS#7 structure in DER format with no CRL from several different certificates:
|
|
|
NOTES
The output file is a PKCS#7 signed data structure containing no signers and just certificates and an optional CRL.
This utility can be used to send certificates and CAs to Netscape as part of the certificate enrollment process. This involves sending the DER encoded output as MIME type application/x-x509-user-cert.
The PEM encoded form with the header and footer lines removed can be used to install user certificates and CAs in MSIE using the Xenroll control.