crl2pkcs7.1s

openssl crl2pkcs7 [options] [-in file] [-out file]

openssl crl2pkcs7 converts Certificate Revocation Lists (CRLs) and X.509 certificates into PKCS#7 format. PKCS#7 is a standard format for storing cryptographic data, often used for certificate bundles and signed data.The command is useful for creating PKCS#7 structures that combine CRLs with their associated CA certificates. This format is commonly required by certain applications and protocols for distributing revocation information along with certificate chains.The -nocrl option allows creating PKCS#7 files containing only certificates, which is useful for distributing certificate bundles in a widely-supported format.

-in FILE

Input CRL file (can be specified multiple times).

Output PKCS#7 file.

File containing certificates to include.

Don't include the CRL in the output (certificates only).

Input CRL format: PEM or DER.

Output PKCS#7 format: PEM or DER.

The PKCS#7 output is a "degenerate" form containing only certificates and/or CRLs, with no signed content. Some applications expect the .p7b or .p7c extension for these files. The certificates in the output are not validated; any PEM certificates in the certfile are included.

PKCS#7 was defined by RSA Security as part of the Public-Key Cryptography Standards. OpenSSL's crl2pkcs7 command provides conversion between the X.509 CRL format and PKCS#7, enabling interoperability with systems that use the PKCS#7 container format.

crl(1), pkcs7(1), x509(1), openssl(1)