"openssl crl2pkcs7 -nocrl" - PKCS7 Certificate File

This section provides a tutorial example on how to create a PKCS7 file with a single certificate using the 'openssl crl2pkcs7 -nocrl' command.

If you want to create a PKCS7 file with a single certificate, you can use the "openssl crl2pkcs7 -nocrl" command as shown in this tutorial.

1. Create a PKCS7 file with a single certificate.

herong$ openssl crl2pkcs7 -nocrl -certfile hy-cert.pem \
  -out hy-cert.p7b 

2. Look at the PKCS7 file. It is written in PEM format and marked as "PKCS7".

herong$ more hy-cert.p7b

-----BEGIN PKCS7-----
MIIBmAYJKoZIhvcNAQcCoIIBiTCCAYUCAQExADALBgkqhkiG9w0BBwGgggFrMIIB
ZzCB8AICEAEwCQYHKoZIzj0EATAiMQswCQYDVQQGEwJaWjETMBEGA1UEAxMKWlog
..
yM7JASPNS4eplzuVS0l0sqpts9h1JerQoQAxAA==
-----END PKCS7-----

3. Print out certificate information from the PKCS7 file.

herong$ openssl pkcs7 -in hy-cert.p7b -noout -print_certs

  subject=/C=ZZ/CN=Herong Yang
  issuer=/C=ZZ/CN=ZZ Root CA

4. Extract certificate out of the PKCS7 file.

herong$ openssl pkcs7 -in hy-cert.p7b -print_certs -outform PEM 

subject=/C=ZZ/CN=Herong Yang
issuer=/C=ZZ/CN=ZZ Root CA
-----BEGIN CERTIFICATE-----
MIIBZzCB8AICEAEwCQYHKoZIzj0EATAiMQswCQYDVQQGEwJaWjETMBEGA1UEAxMK
WlogUm9vdCBDQTAeFw0yNDExMjQxMzM0MDRaFw0yNTExMjQxMzM0MDRaMCMxCzAJ
...
4u/8yM7JASPNS4eplzuVS0l0sqpts9h1JerQ
-----END CERTIFICATE-----

Table of Contents

 About This Book

 Introduction of PKI (Public Key Infrastructure)

 Introduction of PKI Certificate

 PKI Certificate File Formats

 OpenSSL - Cryptography Toolkit

 "openssl ca" - CA (Certificate Authority) Tool

 Java "keytool" Commands and KeyStore Files

 PKI Certificate Store

 PKCS12 Certificate Bundle File

PKCS7 Certificate Chain File

 What Is PKCS7 File Format

"openssl crl2pkcs7 -nocrl" - PKCS7 Certificate File

 "openssl crl2pkcs7 -nocrl" - PKCS7 Certificate Chain

 ASN.1 Data Structure of PKCS7 File

 PKI Certificate Related Terminology

 References

 Full Version in PDF/EPUB