2 ''' $RCSfile$$Revision$$Date$
20 .ie \\n(.$>=3 .ne \\$3
36 ''' Set up \*(-- to give an unbreakable dash;
37 ''' string Tr holds user defined translation string.
38 ''' Bell System Logo is used as a dummy character.
44 .if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
45 .if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
48 ''' \*(M", \*(S", \*(N" and \*(T" are the equivalent of
49 ''' \*(L" and \*(R", except that they are used on ".xx" lines,
50 ''' such as .IP and .SH, which do another additional levels of
51 ''' double-quote interpretation
80 .\" If the F register is turned on, we'll generate
81 .\" index entries out stderr for the following things:
86 .\" X<> Xref (embedded
87 .\" Of course, you have to process the output yourself
88 .\" in some meaninful fashion.
91 .tm Index:\\$1\t\\n%\t"\\$2"
96 .TH CRL2PKCS7 1 "0.9.7d" "2/Sep/2004" "OpenSSL"
100 .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
101 .de CQ \" put $1 in typewriter font
107 \\&\\$2 \\$3 \\$4 \\$5 \\$6 \\$7
110 .\" @(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2
111 . \" AM - accent mark definitions
113 . \" fudge factors for nroff and troff
122 . ds #H ((1u-(\\\\n(.fu%2u))*.13m)
128 . \" simple accents for nroff and troff
141 . ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
142 . ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
143 . ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
144 . ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
145 . ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
146 . ds ? \s-2c\h'-\w'c'u*7/10'\u\h'\*(#H'\zi\d\s+2\h'\w'c'u*8/10'
147 . ds ! \s-2\(or\s+2\h'-\w'\(or'u'\v'-.8m'.\v'.8m'
148 . ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
149 . ds q o\h'-\w'o'u*8/10'\s-4\v'.4m'\z\(*i\v'-.4m'\s+4\h'\w'o'u*8/10'
151 . \" troff and (daisy-wheel) nroff accents
152 .ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
153 .ds 8 \h'\*(#H'\(*b\h'-\*(#H'
154 .ds v \\k:\h'-(\\n(.wu*9/10-\*(#H)'\v'-\*(#V'\*(#[\s-4v\s0\v'\*(#V'\h'|\\n:u'\*(#]
155 .ds _ \\k:\h'-(\\n(.wu*9/10-\*(#H+(\*(#F*2/3))'\v'-.4m'\z\(hy\v'.4m'\h'|\\n:u'
156 .ds . \\k:\h'-(\\n(.wu*8/10)'\v'\*(#V*4/10'\z.\v'-\*(#V*4/10'\h'|\\n:u'
157 .ds 3 \*(#[\v'.2m'\s-2\&3\s0\v'-.2m'\*(#]
158 .ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
159 .ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
160 .ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
161 .ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
162 .ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
163 .ds ae a\h'-(\w'a'u*4/10)'e
164 .ds Ae A\h'-(\w'A'u*4/10)'E
165 .ds oe o\h'-(\w'o'u*4/10)'e
166 .ds Oe O\h'-(\w'O'u*4/10)'E
167 . \" corrections for vroff
168 .if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
169 .if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
170 . \" for low resolution devices (crt and lpr)
171 .if \n(.H>23 .if \n(.V>19 \
175 . ds v \h'-1'\o'\(aa\(ga'
191 crl2pkcs7 \- Create a PKCS#7 structure from a CRL and certificates.
193 \fBopenssl\fR \fBcrl2pkcs7\fR
194 [\fB\-inform PEM|DER\fR]
195 [\fB\-outform PEM|DER\fR]
196 [\fB\-in filename\fR]
197 [\fB\-out filename\fR]
198 [\fB\-certfile filename\fR]
201 The \fBcrl2pkcs7\fR command takes an optional CRL and one or more
202 certificates and converts them into a PKCS#7 degenerate \*(L"certificates
204 .SH "COMMAND OPTIONS"
205 .Ip "\fB\-inform \s-1DER\s0|\s-1PEM\s0\fR" 4
206 This specifies the \s-1CRL\s0 input format. \fB\s-1DER\s0\fR format is \s-1DER\s0 encoded \s-1CRL\s0
207 structure.\fB\s-1PEM\s0\fR (the default) is a base64 encoded version of
208 the \s-1DER\s0 form with header and footer lines.
209 .Ip "\fB\-outform \s-1DER\s0|\s-1PEM\s0\fR" 4
210 This specifies the \s-1PKCS\s0#7 structure output format. \fB\s-1DER\s0\fR format is \s-1DER\s0
211 encoded \s-1PKCS\s0#7 structure.\fB\s-1PEM\s0\fR (the default) is a base64 encoded version of
212 the \s-1DER\s0 form with header and footer lines.
213 .Ip "\fB\-in filename\fR" 4
214 This specifies the input filename to read a \s-1CRL\s0 from or standard input if this
215 option is not specified.
216 .Ip "\fB\-out filename\fR" 4
217 specifies the output filename to write the \s-1PKCS\s0#7 structure to or standard
219 .Ip "\fB\-certfile filename\fR" 4
220 specifies a filename containing one or more certificates in \fB\s-1PEM\s0\fR format.
221 All certificates in the file will be added to the \s-1PKCS\s0#7 structure. This
222 option can be used more than once to read certificates form multiple
224 .Ip "\fB\-nocrl\fR" 4
225 normally a \s-1CRL\s0 is included in the output file. With this option no \s-1CRL\s0 is
226 included in the output file and a \s-1CRL\s0 is not read from the input file.
228 Create a PKCS#7 structure from a certificate and CRL:
231 \& openssl crl2pkcs7 -in crl.pem -certfile cert.pem -out p7.pem
233 Creates a PKCS#7 structure in DER format with no CRL from several
234 different certificates:
237 \& openssl crl2pkcs7 -nocrl -certfile newcert.pem
238 \& -certfile demoCA/cacert.pem -outform DER -out p7.der
241 The output file is a PKCS#7 signed data structure containing no signers and
242 just certificates and an optional CRL.
244 This utility can be used to send certificates and CAs to Netscape as part of
245 the certificate enrollment process. This involves sending the DER encoded output
246 as MIME type application/x-x509-user-cert.
248 The \fBPEM\fR encoded form with the header and footer lines removed can be used to
249 install user certificates and CAs in MSIE using the Xenroll control.
254 .IX Title "CRL2PKCS7 1"
255 .IX Name "crl2pkcs7 - Create a PKCS#7 structure from a CRL and certificates."
259 .IX Header "SYNOPSIS"
261 .IX Header "DESCRIPTION"
263 .IX Header "COMMAND OPTIONS"
265 .IX Item "\fB\-inform \s-1DER\s0|\s-1PEM\s0\fR"
267 .IX Item "\fB\-outform \s-1DER\s0|\s-1PEM\s0\fR"
269 .IX Item "\fB\-in filename\fR"
271 .IX Item "\fB\-out filename\fR"
273 .IX Item "\fB\-certfile filename\fR"
275 .IX Item "\fB\-nocrl\fR"
277 .IX Header "EXAMPLES"
281 .IX Header "SEE ALSO"