1*b077aed3SPierre Pronchery=pod 2*b077aed3SPierre Pronchery{- OpenSSL::safe::output_do_not_edit_headers(); -} 3*b077aed3SPierre Pronchery 4*b077aed3SPierre Pronchery=head1 NAME 5*b077aed3SPierre Pronchery 6*b077aed3SPierre Proncheryopenssl-crl2pkcs7 - Create a PKCS#7 structure from a CRL and certificates 7*b077aed3SPierre Pronchery 8*b077aed3SPierre Pronchery=head1 SYNOPSIS 9*b077aed3SPierre Pronchery 10*b077aed3SPierre ProncheryB<openssl> B<crl2pkcs7> 11*b077aed3SPierre Pronchery[B<-help>] 12*b077aed3SPierre Pronchery[B<-inform> B<DER>|B<PEM>] 13*b077aed3SPierre Pronchery[B<-outform> B<DER>|B<PEM>] 14*b077aed3SPierre Pronchery[B<-in> I<filename>] 15*b077aed3SPierre Pronchery[B<-out> I<filename>] 16*b077aed3SPierre Pronchery[B<-certfile> I<filename>] 17*b077aed3SPierre Pronchery[B<-nocrl>] 18*b077aed3SPierre Pronchery{- $OpenSSL::safe::opt_provider_synopsis -} 19*b077aed3SPierre Pronchery 20*b077aed3SPierre Pronchery=head1 DESCRIPTION 21*b077aed3SPierre Pronchery 22*b077aed3SPierre ProncheryThis command takes an optional CRL and one or more 23*b077aed3SPierre Proncherycertificates and converts them into a PKCS#7 degenerate "certificates 24*b077aed3SPierre Proncheryonly" structure. 25*b077aed3SPierre Pronchery 26*b077aed3SPierre Pronchery=head1 OPTIONS 27*b077aed3SPierre Pronchery 28*b077aed3SPierre Pronchery=over 4 29*b077aed3SPierre Pronchery 30*b077aed3SPierre Pronchery=item B<-help> 31*b077aed3SPierre Pronchery 32*b077aed3SPierre ProncheryPrint out a usage message. 33*b077aed3SPierre Pronchery 34*b077aed3SPierre Pronchery=item B<-inform> B<DER>|B<PEM> 35*b077aed3SPierre Pronchery 36*b077aed3SPierre ProncheryThe input format of the CRL; the default is B<PEM>. 37*b077aed3SPierre ProncherySee L<openssl-format-options(1)> for details. 38*b077aed3SPierre Pronchery 39*b077aed3SPierre Pronchery=item B<-outform> B<DER>|B<PEM> 40*b077aed3SPierre Pronchery 41*b077aed3SPierre ProncheryThe output format of the PKCS#7 object; the default is B<PEM>. 42*b077aed3SPierre ProncherySee L<openssl-format-options(1)> for details. 43*b077aed3SPierre Pronchery 44*b077aed3SPierre Pronchery=item B<-in> I<filename> 45*b077aed3SPierre Pronchery 46*b077aed3SPierre ProncheryThis specifies the input filename to read a CRL from or standard input if this 47*b077aed3SPierre Proncheryoption is not specified. 48*b077aed3SPierre Pronchery 49*b077aed3SPierre Pronchery=item B<-out> I<filename> 50*b077aed3SPierre Pronchery 51*b077aed3SPierre ProncherySpecifies the output filename to write the PKCS#7 structure to or standard 52*b077aed3SPierre Proncheryoutput by default. 53*b077aed3SPierre Pronchery 54*b077aed3SPierre Pronchery=item B<-certfile> I<filename> 55*b077aed3SPierre Pronchery 56*b077aed3SPierre ProncherySpecifies a filename containing one or more certificates in B<PEM> format. 57*b077aed3SPierre ProncheryAll certificates in the file will be added to the PKCS#7 structure. This 58*b077aed3SPierre Proncheryoption can be used more than once to read certificates from multiple 59*b077aed3SPierre Proncheryfiles. 60*b077aed3SPierre Pronchery 61*b077aed3SPierre Pronchery=item B<-nocrl> 62*b077aed3SPierre Pronchery 63*b077aed3SPierre ProncheryNormally a CRL is included in the output file. With this option no CRL is 64*b077aed3SPierre Proncheryincluded in the output file and a CRL is not read from the input file. 65*b077aed3SPierre Pronchery 66*b077aed3SPierre Pronchery{- $OpenSSL::safe::opt_provider_item -} 67*b077aed3SPierre Pronchery 68*b077aed3SPierre Pronchery=back 69*b077aed3SPierre Pronchery 70*b077aed3SPierre Pronchery=head1 EXAMPLES 71*b077aed3SPierre Pronchery 72*b077aed3SPierre ProncheryCreate a PKCS#7 structure from a certificate and CRL: 73*b077aed3SPierre Pronchery 74*b077aed3SPierre Pronchery openssl crl2pkcs7 -in crl.pem -certfile cert.pem -out p7.pem 75*b077aed3SPierre Pronchery 76*b077aed3SPierre ProncheryCreates a PKCS#7 structure in DER format with no CRL from several 77*b077aed3SPierre Proncherydifferent certificates: 78*b077aed3SPierre Pronchery 79*b077aed3SPierre Pronchery openssl crl2pkcs7 -nocrl -certfile newcert.pem 80*b077aed3SPierre Pronchery -certfile demoCA/cacert.pem -outform DER -out p7.der 81*b077aed3SPierre Pronchery 82*b077aed3SPierre Pronchery=head1 NOTES 83*b077aed3SPierre Pronchery 84*b077aed3SPierre ProncheryThe output file is a PKCS#7 signed data structure containing no signers and 85*b077aed3SPierre Proncheryjust certificates and an optional CRL. 86*b077aed3SPierre Pronchery 87*b077aed3SPierre ProncheryThis command can be used to send certificates and CAs to Netscape as part of 88*b077aed3SPierre Proncherythe certificate enrollment process. This involves sending the DER encoded output 89*b077aed3SPierre Proncheryas MIME type application/x-x509-user-cert. 90*b077aed3SPierre Pronchery 91*b077aed3SPierre ProncheryThe B<PEM> encoded form with the header and footer lines removed can be used to 92*b077aed3SPierre Proncheryinstall user certificates and CAs in MSIE using the Xenroll control. 93*b077aed3SPierre Pronchery 94*b077aed3SPierre Pronchery=head1 SEE ALSO 95*b077aed3SPierre Pronchery 96*b077aed3SPierre ProncheryL<openssl(1)>, 97*b077aed3SPierre ProncheryL<openssl-pkcs7(1)> 98*b077aed3SPierre Pronchery 99*b077aed3SPierre Pronchery=head1 COPYRIGHT 100*b077aed3SPierre Pronchery 101*b077aed3SPierre ProncheryCopyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. 102*b077aed3SPierre Pronchery 103*b077aed3SPierre ProncheryLicensed under the Apache License 2.0 (the "License"). You may not use 104*b077aed3SPierre Proncherythis file except in compliance with the License. You can obtain a copy 105*b077aed3SPierre Proncheryin the file LICENSE in the source distribution or at 106*b077aed3SPierre ProncheryL<https://www.openssl.org/source/license.html>. 107*b077aed3SPierre Pronchery 108*b077aed3SPierre Pronchery=cut 109