openssl pkcs7 [-help] [-inform PEM|DER] [-outform PEM|DER] [-in filename] [-out filename] [-print_certs] [-text] [-noout] [-engine id]
The pkcs7 command processes PKCS#7 files in DER or PEM format.
Print out a usage message.
- -inform DER|PEM
This specifies the input format. DER format is DER encoded PKCS#7 v1.5 structure.PEM (the default) is a base64 encoded version of the DER form with header and footer lines.
- -outform DER|PEM
This specifies the output format, the options have the same meaning and default as the -inform option.
- -in filename
This specifies the input filename to read from or standard input if this option is not specified.
- -out filename
Specifies the output filename to write to or standard output by default.
Prints out any certificates or CRLs contained in the file. They are preceded by their subject and issuer names in one line format.
Prints out certificates details in full rather than just subject and issuer names.
Don't output the encoded version of the PKCS#7 structure (or certificates is -print_certs is set).
- -engine id
Specifying an engine (by its unique id string) will cause pkcs7 to attempt to obtain a functional reference to the specified engine, thus initialising it if needed. The engine will then be set as the default for all available algorithms.
Convert a PKCS#7 file from PEM to DER:
openssl pkcs7 -in file.pem -outform DER -out file.der
Output all certificates in a file:
openssl pkcs7 -in file.pem -print_certs -out certs.pem
The PEM PKCS#7 format uses the header and footer lines:
-----BEGIN PKCS7----- -----END PKCS7-----
For compatibility with some CAs it will also accept:
-----BEGIN CERTIFICATE----- -----END CERTIFICATE-----
There is no option to print out all the fields of a PKCS#7 file.
This PKCS#7 routines only understand PKCS#7 v 1.5 as specified in RFC2315 they cannot currently parse, for example, the new CMS as described in RFC2630.
Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the License). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at <https://www.openssl.org/source/license.html>.