1*2175Sjp161948=pod 2*2175Sjp161948 3*2175Sjp161948=head1 NAME 4*2175Sjp161948 5*2175Sjp161948crl2pkcs7 - Create a PKCS#7 structure from a CRL and certificates. 6*2175Sjp161948 7*2175Sjp161948=head1 SYNOPSIS 8*2175Sjp161948 9*2175Sjp161948B<openssl> B<crl2pkcs7> 10*2175Sjp161948[B<-inform PEM|DER>] 11*2175Sjp161948[B<-outform PEM|DER>] 12*2175Sjp161948[B<-in filename>] 13*2175Sjp161948[B<-out filename>] 14*2175Sjp161948[B<-certfile filename>] 15*2175Sjp161948[B<-nocrl>] 16*2175Sjp161948 17*2175Sjp161948=head1 DESCRIPTION 18*2175Sjp161948 19*2175Sjp161948The B<crl2pkcs7> command takes an optional CRL and one or more 20*2175Sjp161948certificates and converts them into a PKCS#7 degenerate "certificates 21*2175Sjp161948only" structure. 22*2175Sjp161948 23*2175Sjp161948=head1 COMMAND OPTIONS 24*2175Sjp161948 25*2175Sjp161948=over 4 26*2175Sjp161948 27*2175Sjp161948=item B<-inform DER|PEM> 28*2175Sjp161948 29*2175Sjp161948This specifies the CRL input format. B<DER> format is DER encoded CRL 30*2175Sjp161948structure.B<PEM> (the default) is a base64 encoded version of 31*2175Sjp161948the DER form with header and footer lines. 32*2175Sjp161948 33*2175Sjp161948=item B<-outform DER|PEM> 34*2175Sjp161948 35*2175Sjp161948This specifies the PKCS#7 structure output format. B<DER> format is DER 36*2175Sjp161948encoded PKCS#7 structure.B<PEM> (the default) is a base64 encoded version of 37*2175Sjp161948the DER form with header and footer lines. 38*2175Sjp161948 39*2175Sjp161948=item B<-in filename> 40*2175Sjp161948 41*2175Sjp161948This specifies the input filename to read a CRL from or standard input if this 42*2175Sjp161948option is not specified. 43*2175Sjp161948 44*2175Sjp161948=item B<-out filename> 45*2175Sjp161948 46*2175Sjp161948specifies the output filename to write the PKCS#7 structure to or standard 47*2175Sjp161948output by default. 48*2175Sjp161948 49*2175Sjp161948=item B<-certfile filename> 50*2175Sjp161948 51*2175Sjp161948specifies a filename containing one or more certificates in B<PEM> format. 52*2175Sjp161948All certificates in the file will be added to the PKCS#7 structure. This 53*2175Sjp161948option can be used more than once to read certificates form multiple 54*2175Sjp161948files. 55*2175Sjp161948 56*2175Sjp161948=item B<-nocrl> 57*2175Sjp161948 58*2175Sjp161948normally a CRL is included in the output file. With this option no CRL is 59*2175Sjp161948included in the output file and a CRL is not read from the input file. 60*2175Sjp161948 61*2175Sjp161948=back 62*2175Sjp161948 63*2175Sjp161948=head1 EXAMPLES 64*2175Sjp161948 65*2175Sjp161948Create a PKCS#7 structure from a certificate and CRL: 66*2175Sjp161948 67*2175Sjp161948 openssl crl2pkcs7 -in crl.pem -certfile cert.pem -out p7.pem 68*2175Sjp161948 69*2175Sjp161948Creates a PKCS#7 structure in DER format with no CRL from several 70*2175Sjp161948different certificates: 71*2175Sjp161948 72*2175Sjp161948 openssl crl2pkcs7 -nocrl -certfile newcert.pem 73*2175Sjp161948 -certfile demoCA/cacert.pem -outform DER -out p7.der 74*2175Sjp161948 75*2175Sjp161948=head1 NOTES 76*2175Sjp161948 77*2175Sjp161948The output file is a PKCS#7 signed data structure containing no signers and 78*2175Sjp161948just certificates and an optional CRL. 79*2175Sjp161948 80*2175Sjp161948This utility can be used to send certificates and CAs to Netscape as part of 81*2175Sjp161948the certificate enrollment process. This involves sending the DER encoded output 82*2175Sjp161948as MIME type application/x-x509-user-cert. 83*2175Sjp161948 84*2175Sjp161948The B<PEM> encoded form with the header and footer lines removed can be used to 85*2175Sjp161948install user certificates and CAs in MSIE using the Xenroll control. 86*2175Sjp161948 87*2175Sjp161948=head1 SEE ALSO 88*2175Sjp161948 89*2175Sjp161948L<pkcs7(1)|pkcs7(1)> 90*2175Sjp161948 91*2175Sjp161948=cut 92