CRL2PKCS7(1)                OpenSSL                CRL2PKCS7(1)





NAME
       crl2pkcs7 - Create a PKCS#7 structure from a CRL and
       certificates.

SYNOPSIS
       openssl crl2pkcs7 [-inform PEM|DER] [-outform PEM|DER]
       [-in filename] [-out filename] [-certfile filename]
       [-nocrl]

DESCRIPTION
       The crl2pkcs7 command takes an optional CRL and one or
       more certificates and converts them into a PKCS#7 degen-
       erate "certificates only" structure.

COMMAND OPTIONS
       -inform DER|PEM
           This specifies the CRL input format. DER format is
           DER encoded CRL structure.PEM (the default) is a
           base64 encoded version of the DER form with header
           and footer lines.

       -outform DER|PEM
           This specifies the PKCS#7 structure output format.
           DER format is DER encoded PKCS#7 structure.PEM (the
           default) is a base64 encoded version of the DER form
           with header and footer lines.

       -in filename
           This specifies the input filename to read a CRL from
           or standard input if this option is not specified.

       -out filename
           specifies the output filename to write the PKCS#7
           structure to or standard output by default.

       -certfile filename
           specifies a filename containing one or more certifi-
           cates in PEM format.  All certificates in the file
           will be added to the PKCS#7 structure. This option
           can be used more than once to read certificates form
           multiple files.

       -nocrl
           normally a CRL is included in the output file. With
           this option no CRL is included in the output file
           and a CRL is not read from the input file.

EXAMPLES
       Create a PKCS#7 structure from a certificate and CRL:

        openssl crl2pkcs7 -in crl.pem -certfile cert.pem -out p7.pem

       Creates a PKCS#7 structure in DER format with no CRL
       from several different certificates:

        openssl crl2pkcs7 -nocrl -certfile newcert.pem
               -certfile demoCA/cacert.pem -outform DER -out p7.der

NOTES
       The output file is a PKCS#7 signed data structure con-
       taining no signers and just certificates and an optional
       CRL.

       This utility can be used to send certificates and CAs to
       Netscape as part of the certificate enrollment process.
       This involves sending the DER encoded output as MIME
       type application/x-x509-user-cert.

       The PEM encoded form with the header and footer lines
       removed can be used to install user certificates and CAs
       in MSIE using the Xenroll control.

SEE ALSO
       pkcs7(1)



0.9.7c                     2002-07-09              CRL2PKCS7(1)
