.rn '' }` ''' ''' .de Sh .br .if t .Sp .ne 5 .PP \fB\\$1\fR .PP .. .de Sp .if t .sp .5v .if n .sp .. .de Ip .br .ie \\n(.$>=3 .ne \\$3 .el .ne 3 .IP "\\$1" \\$2 .. .de Vb .ft CW .nf .ne \\$1 .. .de Ve .ft R .fi .. ''' ''' ''' Set up \*(-- to give an unbreakable dash; ''' string Tr holds user defined translation string. ''' Bell System Logo is used as a dummy character. ''' .tr \(*W-|\(bv\*(Tr .ie n \{\ .ds -- \(*W- .ds PI pi .if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch .if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch .ds L" "" .ds R" "" ''' \*(M", \*(S", \*(N" and \*(T" are the equivalent of ''' \*(L" and \*(R", except that they are used on ".xx" lines, ''' such as .IP and .SH, which do another additional levels of ''' double-quote interpretation .ds M" """ .ds S" """ .ds N" """"" .ds T" """"" .ds L' ' .ds R' ' .ds M' ' .ds S' ' .ds N' ' .ds T' ' 'br\} .el\{\ .ds -- \(em\| .tr \*(Tr .ds L" `` .ds R" '' .ds M" `` .ds S" '' .ds N" `` .ds T" '' .ds L' ` .ds R' ' .ds M' ` .ds S' ' .ds N' ` .ds T' ' .ds PI \(*p 'br\} .\" If the F register is turned on, we'll generate .\" index entries out stderr for the following things: .\" TH Title .\" SH Header .\" Sh Subsection .\" Ip Item .\" X<> Xref (embedded .\" Of course, you have to process the output yourself .\" in some meaninful fashion. .if \nF \{ .de IX .tm Index:\\$1\t\\n%\t"\\$2" .. .nr % 0 .rr F .\} .TH CRL2PKCS7 1 "0.9.5a" "22/Jul/100" "OpenSSL" .UC .if n .hy 0 .if n .na .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .de CQ \" put $1 in typewriter font .ft CW 'if n "\c 'if t \\&\\$1\c 'if n \\&\\$1\c 'if n \&" \\&\\$2 \\$3 \\$4 \\$5 \\$6 \\$7 '.ft R .. .\" @(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2 . \" AM - accent mark definitions .bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 . ds #V .8m . ds #F .3m . ds #[ \f1 . ds #] \fP .\} .if t \{\ . ds #H ((1u-(\\\\n(.fu%2u))*.13m) . ds #V .6m . ds #F 0 . ds #[ \& . ds #] \& .\} . \" simple accents for nroff and troff .if n \{\ . ds ' \& . ds ` \& . ds ^ \& . ds , \& . ds ~ ~ . ds ? ? . ds ! ! . ds / . ds q .\} .if t \{\ . ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" . ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' . ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' . ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' . ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' . ds ? \s-2c\h'-\w'c'u*7/10'\u\h'\*(#H'\zi\d\s+2\h'\w'c'u*8/10' . ds ! \s-2\(or\s+2\h'-\w'\(or'u'\v'-.8m'.\v'.8m' . ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' . ds q o\h'-\w'o'u*8/10'\s-4\v'.4m'\z\(*i\v'-.4m'\s+4\h'\w'o'u*8/10' .\} . \" troff and (daisy-wheel) nroff accents .ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' .ds 8 \h'\*(#H'\(*b\h'-\*(#H' .ds v \\k:\h'-(\\n(.wu*9/10-\*(#H)'\v'-\*(#V'\*(#[\s-4v\s0\v'\*(#V'\h'|\\n:u'\*(#] .ds _ \\k:\h'-(\\n(.wu*9/10-\*(#H+(\*(#F*2/3))'\v'-.4m'\z\(hy\v'.4m'\h'|\\n:u' .ds . \\k:\h'-(\\n(.wu*8/10)'\v'\*(#V*4/10'\z.\v'-\*(#V*4/10'\h'|\\n:u' .ds 3 \*(#[\v'.2m'\s-2\&3\s0\v'-.2m'\*(#] .ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] .ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' .ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' .ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] .ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] .ds ae a\h'-(\w'a'u*4/10)'e .ds Ae A\h'-(\w'A'u*4/10)'E .ds oe o\h'-(\w'o'u*4/10)'e .ds Oe O\h'-(\w'O'u*4/10)'E . \" corrections for vroff .if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' .if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' . \" for low resolution devices (crt and lpr) .if \n(.H>23 .if \n(.V>19 \ \{\ . ds : e . ds 8 ss . ds v \h'-1'\o'\(aa\(ga' . ds _ \h'-1'^ . ds . \h'-1'. . ds 3 3 . ds o a . ds d- d\h'-1'\(ga . ds D- D\h'-1'\(hy . ds th \o'bp' . ds Th \o'LP' . ds ae ae . ds Ae AE . ds oe oe . ds Oe OE .\} .rm #[ #] #H #V #F C .SH "NAME" crl2pkcs7 \- Create a PKCS#7 structure from a CRL and certificates. .SH "SYNOPSIS" \fBopenssl\fR \fBpkcs7\fR [\fB\-inform PEM|DER\fR] [\fB\-outform PEM|DER\fR] [\fB\-in filename\fR] [\fB\-out filename\fR] [\fB\-print_certs\fR] .SH "DESCRIPTION" The \fBcrl2pkcs7\fR command takes an optional CRL and one or more certificates and converts them into a PKCS#7 degenerate \*(L"certificates only\*(R" structure. .SH "COMMAND OPTIONS" .Ip "\fB\-inform \s-1DER\s0|\s-1PEM\s0\fR" 4 This specifies the \s-1CRL\s0 input format. \fB\s-1DER\s0\fR format is \s-1DER\s0 encoded \s-1CRL\s0 structure.\fB\s-1PEM\s0\fR (the default) is a base64 encoded version of the \s-1DER\s0 form with header and footer lines. .Ip "\fB\-outform \s-1DER\s0|\s-1PEM\s0\fR" 4 This specifies the \s-1PKCS\s0#7 structure output format. \fB\s-1DER\s0\fR format is \s-1DER\s0 encoded \s-1PKCS\s0#7 structure.\fB\s-1PEM\s0\fR (the default) is a base64 encoded version of the \s-1DER\s0 form with header and footer lines. .Ip "\fB\-in filename\fR" 4 This specifies the input filename to read a \s-1CRL\s0 from or standard input if this option is not specified. .Ip "\fB\-out filename\fR" 4 specifies the output filename to write the \s-1PKCS\s0#7 structure to or standard output by default. .Ip "\fB\-certfile filename\fR" 4 specifies a filename containing one or more certificates in \fB\s-1PEM\s0\fR format. All certificates in the file will be added to the \s-1PKCS\s0#7 structure. This option can be used more than once to read certificates form multiple files. .Ip "\fB\-nocrl\fR" 4 normally a \s-1CRL\s0 is included in the output file. With this option no \s-1CRL\s0 is included in the output file and a \s-1CRL\s0 is not read from the input file. .SH "EXAMPLES" Create a PKCS#7 structure from a certificate and CRL: .PP .Vb 1 \& openssl crl2pkcs7 -in crl.pem -certfile cert.pem -out p7.pem .Ve Creates a PKCS#7 structure in DER format with no CRL from several different certificates: .PP .Vb 2 \& openssl crl2pkcs7 -nocrl -certfile newcert.pem \& -certfile demoCA/cacert.pem -outform DER -out p7.der .Ve .SH "NOTES" The output file is a PKCS#7 signed data structure containing no signers and just certificates and an optional CRL. .PP This utility can be used to send certificates and CAs to Netscape as part of the certificate enrollment process. This involves sending the DER encoded output as MIME type application/x-x509-user-cert. .PP The \fBPEM\fR encoded form with the header and footer lines removed can be used to install user certificates and CAs in MSIE using the Xenroll control. .SH "SEE ALSO" the \fIpkcs7(1)|pkcs7(1)\fR manpage .rn }` '' .IX Title "CRL2PKCS7 1" .IX Name "crl2pkcs7 - Create a PKCS#7 structure from a CRL and certificates." .IX Header "NAME" .IX Header "SYNOPSIS" .IX Header "DESCRIPTION" .IX Header "COMMAND OPTIONS" .IX Item "\fB\-inform \s-1DER\s0|\s-1PEM\s0\fR" .IX Item "\fB\-outform \s-1DER\s0|\s-1PEM\s0\fR" .IX Item "\fB\-in filename\fR" .IX Item "\fB\-out filename\fR" .IX Item "\fB\-certfile filename\fR" .IX Item "\fB\-nocrl\fR" .IX Header "EXAMPLES" .IX Header "NOTES" .IX Header "SEE ALSO"