diff options
Diffstat (limited to 'openssl/doc/apps/crl2pkcs7.pod')
-rw-r--r-- | openssl/doc/apps/crl2pkcs7.pod | 91 |
1 files changed, 91 insertions, 0 deletions
diff --git a/openssl/doc/apps/crl2pkcs7.pod b/openssl/doc/apps/crl2pkcs7.pod new file mode 100644 index 000000000..3797bc0df --- /dev/null +++ b/openssl/doc/apps/crl2pkcs7.pod @@ -0,0 +1,91 @@ +=pod + +=head1 NAME + +crl2pkcs7 - Create a PKCS#7 structure from a CRL and certificates. + +=head1 SYNOPSIS + +B<openssl> B<crl2pkcs7> +[B<-inform PEM|DER>] +[B<-outform PEM|DER>] +[B<-in filename>] +[B<-out filename>] +[B<-certfile filename>] +[B<-nocrl>] + +=head1 DESCRIPTION + +The B<crl2pkcs7> command takes an optional CRL and one or more +certificates and converts them into a PKCS#7 degenerate "certificates +only" structure. + +=head1 COMMAND OPTIONS + +=over 4 + +=item B<-inform DER|PEM> + +This specifies the CRL input format. B<DER> format is DER encoded CRL +structure.B<PEM> (the default) is a base64 encoded version of +the DER form with header and footer lines. + +=item B<-outform DER|PEM> + +This specifies the PKCS#7 structure output format. B<DER> format is DER +encoded PKCS#7 structure.B<PEM> (the default) is a base64 encoded version of +the DER form with header and footer lines. + +=item B<-in filename> + +This specifies the input filename to read a CRL from or standard input if this +option is not specified. + +=item B<-out filename> + +specifies the output filename to write the PKCS#7 structure to or standard +output by default. + +=item B<-certfile filename> + +specifies a filename containing one or more certificates in B<PEM> format. +All certificates in the file will be added to the PKCS#7 structure. This +option can be used more than once to read certificates form multiple +files. + +=item B<-nocrl> + +normally a CRL is included in the output file. With this option no CRL is +included in the output file and a CRL is not read from the input file. + +=back + +=head1 EXAMPLES + +Create a PKCS#7 structure from a certificate and CRL: + + openssl crl2pkcs7 -in crl.pem -certfile cert.pem -out p7.pem + +Creates a PKCS#7 structure in DER format with no CRL from several +different certificates: + + openssl crl2pkcs7 -nocrl -certfile newcert.pem + -certfile demoCA/cacert.pem -outform DER -out p7.der + +=head1 NOTES + +The output file is a PKCS#7 signed data structure containing no signers and +just certificates and an optional CRL. + +This utility can be used to send certificates and CAs to Netscape as part of +the certificate enrollment process. This involves sending the DER encoded output +as MIME type application/x-x509-user-cert. + +The B<PEM> encoded form with the header and footer lines removed can be used to +install user certificates and CAs in MSIE using the Xenroll control. + +=head1 SEE ALSO + +L<pkcs7(1)|pkcs7(1)> + +=cut |