version 1.39, 2016/07/21 18:40:26 |
version 1.40, 2016/07/23 19:31:35 |
|
|
.It Fl text |
.It Fl text |
Print out the CRL in text form. |
Print out the CRL in text form. |
.El |
.El |
.\" |
|
.\" CRL2PKCS7 |
|
.\" |
|
.Sh CRL2PKCS7 |
.Sh CRL2PKCS7 |
.nr nS 1 |
.nr nS 1 |
.Nm "openssl crl2pkcs7" |
.Nm "openssl crl2pkcs7" |
.Bk -words |
|
.Op Fl certfile Ar file |
.Op Fl certfile Ar file |
.Op Fl in Ar file |
.Op Fl in Ar file |
.Op Fl inform Ar DER | PEM |
.Op Fl inform Cm der | pem |
.Op Fl nocrl |
.Op Fl nocrl |
.Op Fl out Ar file |
.Op Fl out Ar file |
.Op Fl outform Ar DER | PEM |
.Op Fl outform Cm der | pem |
.Ek |
|
.nr nS 0 |
.nr nS 0 |
.Pp |
.Pp |
The |
The |
|
|
The options are as follows: |
The options are as follows: |
.Bl -tag -width Ds |
.Bl -tag -width Ds |
.It Fl certfile Ar file |
.It Fl certfile Ar file |
Specifies a |
Add the certificates in PEM |
.Ar file |
.Ar file |
containing one or more certificates in PEM format. |
to the PKCS#7 structure. |
All certificates in the file will be added to the PKCS#7 structure. |
This option can be used more than once |
This option can be used more than once to read certificates from multiple |
to read certificates from multiple files. |
files. |
|
.It Fl in Ar file |
.It Fl in Ar file |
This specifies the input |
Read the CRL from |
.Ar file |
.Ar file , |
to read a CRL from, or standard input if this option is not specified. |
or standard input if not specified. |
.It Fl inform Ar DER | PEM |
.It Fl inform Cm der | pem |
This specifies the CRL input format. |
Specify the CRL input format. |
.Ar DER |
|
format is a DER-encoded CRL structure. |
|
.Ar PEM |
|
.Pq the default |
|
is a base64-encoded version of the DER form with header and footer lines. |
|
.It Fl nocrl |
.It Fl nocrl |
Normally, a CRL is included in the output file. |
Normally, a CRL is included in the output file. |
With this option, no CRL is |
With this option, no CRL is |
included in the output file and a CRL is not read from the input file. |
included in the output file and a CRL is not read from the input file. |
.It Fl out Ar file |
.It Fl out Ar file |
Specifies the output |
Write the PKCS#7 structure to |
.Ar file |
.Ar file , |
to write the PKCS#7 structure to, or standard output by default. |
or standard output if not specified. |
.It Fl outform Ar DER | PEM |
.It Fl outform Cm der | pem |
This specifies the PKCS#7 structure output format. |
Specify the PKCS#7 structure output format. |
.Ar DER |
|
format is a DER-encoded PKCS#7 structure. |
|
.Ar PEM |
|
.Pq the default |
|
is a base64-encoded version of the DER form with header and footer lines. |
|
.El |
.El |
.Sh CRL2PKCS7 EXAMPLES |
|
Create a PKCS#7 structure from a certificate and CRL: |
|
.Pp |
|
.Dl $ openssl crl2pkcs7 -in crl.pem -certfile cert.pem -out p7.pem |
|
.Pp |
|
Create a PKCS#7 structure in DER format with no CRL from several |
|
different certificates: |
|
.Bd -literal -offset indent |
|
$ openssl crl2pkcs7 -nocrl -certfile newcert.pem \e |
|
-certfile demoCA/cacert.pem -outform DER -out p7.der |
|
.Ed |
|
.Sh CRL2PKCS7 NOTES |
|
The output file is a PKCS#7 signed data structure containing no signers and |
|
just certificates and an optional CRL. |
|
.Pp |
|
This utility can be used to send certificates and CAs to Netscape as part of |
|
the certificate enrollment process. |
|
This involves sending the DER-encoded output |
|
as MIME type |
|
.Em application/x-x509-user-cert . |
|
.Pp |
|
The PEM-encoded form with the header and footer lines removed can be used to |
|
install user certificates and CAs in MSIE using the Xenroll control. |
|
.\" |
.\" |
.\" DGST |
.\" DGST |
.\" |
.\" |