PKCS7(1) | OpenSSL | PKCS7(1) |
-inform DER|PEM | This specifies the input format. DER format is DER encoded PKCS#7 v1.5 structure. PEM (the default) is a base64 encoded version of the DER form with header and footer lines. |
-outform DER|PEM | This specifies the output format, the options have the same meaning as the -inform option. |
-in filename | This specifies the input filename to read from or standard input if this option is not specified. |
-out filename | specifies the output filename to write to or standard output by default. |
-print_certs | prints out any certificates or CRLs contained in the file. They are preceded by their subject and issuer names in one line format. |
-text | prints out certificates details in full rather than just subject and issuer names. |
-noout | don't output the encoded version of the PKCS#7 structure (or certificates is -print_certs is set). |
-engine id | specifying an engine (by its unique id string) will cause pkcs7 to attempt to obtain a functional reference to the specified engine, thus initialising it if needed. The engine will then be set as the default for all available algorithms. |
openssl pkcs7 -in file.pem -outform DER -out file.der
Output all certificates in a file:
openssl pkcs7 -in file.pem -print_certs -out certs.pem
-----BEGIN PKCS7----- -----END PKCS7-----
For compatibility with some CAs it will also accept:
-----BEGIN CERTIFICATE----- -----END CERTIFICATE-----
This PKCS#7 routines only understand PKCS#7 v 1.5 as specified in RFC2315 they cannot currently parse, for example, the new CMS as described in RFC2630.
July 20, 2009 | 1.0.1-dev |