Mac Developer Library Developer
Search

 

This manual page is for Mac OS X version 10.9

If you are running a different version of Mac OS X, view the documentation locally:

  • In Terminal, using the man(1) command

Reading manual pages

Manual pages are intended as a quick reference for people who already understand a technology.

  • To learn how the manual is organized or to learn about command syntax, read the manual page for manpages(5).

  • For more information about this technology, look for other documentation in the Apple Developer Library.

  • For general information about writing shell scripts, read Shell Scripting Primer.



CRL2PKCS7(1)                                       OpenSSL                                      CRL2PKCS7(1)



NAME
       crl2pkcs7 - Create a PKCS#7 structure from a CRL and certificates.

SYNOPSIS
       openssl crl2pkcs7 [-inform PEM|DER] [-outform PEM|DER] [-in filename] [-out filename] [-certfile
       filename] [-nocrl]

DESCRIPTION
       The crl2pkcs7 command takes an optional CRL and one or more certificates and converts them into a
       PKCS#7 degenerate "certificates only" structure.

COMMAND OPTIONS
       -inform DER|PEM
           This specifies the CRL input format. DER format is DER encoded CRL structure.PEM (the default) is
           a base64 encoded version of the DER form with header and footer lines.

       -outform DER|PEM
           This specifies the PKCS#7 structure output format. DER format is DER encoded PKCS#7 structure.PEM
           (the default) is a base64 encoded version of the DER form with header and footer lines.

       -in filename
           This specifies the input filename to read a CRL from or standard input if this option is not
           specified.

       -out filename
           specifies the output filename to write the PKCS#7 structure to or standard output by default.

       -certfile filename
           specifies a filename containing one or more certificates in PEM format.  All certificates in the
           file will be added to the PKCS#7 structure. This option can be used more than once to read
           certificates form multiple files.

       -nocrl
           normally a CRL is included in the output file. With this option no CRL is included in the output
           file and a CRL is not read from the input file.

EXAMPLES
       Create a PKCS#7 structure from a certificate and CRL:

        openssl crl2pkcs7 -in crl.pem -certfile cert.pem -out p7.pem

       Creates a PKCS#7 structure in DER format with no CRL from several different certificates:

        openssl crl2pkcs7 -nocrl -certfile newcert.pem
               -certfile demoCA/cacert.pem -outform DER -out p7.der

NOTES
       The output file is a PKCS#7 signed data structure containing no signers and just certificates and an
       optional CRL.

       This utility can be used to send certificates and CAs to Netscape as part of the certificate
       enrollment process. This involves sending the DER encoded output as MIME type
       application/x-x509-user-cert.

       The PEM encoded form with the header and footer lines removed can be used to install user
       certificates and CAs in MSIE using the Xenroll control.

SEE ALSO
       pkcs7(1)



50                                               2013-03-05                                     CRL2PKCS7(1)

Reporting Problems

The way to report a problem with this manual page depends on the type of problem:

Content errors
Report errors in the content of this documentation to the OpenSSL project by sending email to openssl-bugs@openssl.org.
Bug reports
Report bugs in the functionality of the described tool or API to Apple through Bug Reporter and to the OpenSSL project by sending email to openssl-bugs@openssl.org.
Formatting problems
Report formatting mistakes in the online version of these pages with the feedback links below.

Feedback