crl2pkcs7 - Create a PKCS#7 structure from a CRL and certificates
] [ -inform PEM|DER
] [ -in filename
] [ -out filename
] [ -nocrl
command takes an optional CRL and one or more certificates
and converts them into a PKCS#7 degenerate "certificates only"
- Print out a usage message.
- -inform DER|PEM
- This specifies the CRL input format. DER format is
DER encoded CRL structure. PEM (the default) is a base64 encoded
version of the DER form with header and footer lines.
- -outform DER|PEM
- This specifies the PKCS#7 structure output format.
DER format is DER encoded PKCS#7 structure. PEM (the
default) is a base64 encoded version of the DER form with header and
- -in filename
- This specifies the input filename to read a CRL from or
standard input if this option is not specified.
- -out filename
- specifies the output filename to write the PKCS#7 structure
to or standard output by default.
- -certfile filename
- specifies a filename containing one or more certificates in
PEM format. All certificates in the file will be added to the
PKCS#7 structure. This option can be used more than once to read
certificates form multiple files.
- normally a CRL is included in the output file. With this
option no CRL is included in the output file and a CRL is not read from
the input file.
Create a PKCS#7 structure from a certificate and CRL:
openssl crl2pkcs7 -in crl.pem -certfile cert.pem -out p7.pem
Creates a PKCS#7 structure in DER format with no CRL from several different
openssl crl2pkcs7 -nocrl -certfile newcert.pem
-certfile demoCA/cacert.pem -outform DER -out p7.der
The output file is a PKCS#7 signed data structure containing no signers and just
certificates and an optional CRL.
This utility can be used to send certificates and CAs to Netscape as part of the
certificate enrollment process. This involves sending the DER encoded output
as MIME type application/x-x509-user-cert.
encoded form with the header and footer lines removed can be used
to install user certificates and CAs in MSIE using the Xenroll control.
Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy in the
file LICENSE in the source distribution or at