PKI Certificate Tutorials - Herong's Tutorial Examples - v1.12, by Herong Yang
"openssl crl2pkcs7 -nocrl" - PKCS7 Certificate File
This section provides a tutorial example on how to create a PKCS7 file with a single certificate using the 'openssl crl2pkcs7 -nocrl' command.
If you want to create a PKCS7 file with a single certificate, you can use the "openssl crl2pkcs7 -nocrl" command as shown in this tutorial.
1. Create a PKCS7 file with a single certificate.
herong$ openssl crl2pkcs7 -nocrl -certfile hy-cert.pem \ -out hy-cert.p7b
2. Look at the PKCS7 file. It is written in PEM format and marked as "PKCS7".
herong$ more hy-cert.p7b -----BEGIN PKCS7----- MIIBmAYJKoZIhvcNAQcCoIIBiTCCAYUCAQExADALBgkqhkiG9w0BBwGgggFrMIIB ZzCB8AICEAEwCQYHKoZIzj0EATAiMQswCQYDVQQGEwJaWjETMBEGA1UEAxMKWlog .. yM7JASPNS4eplzuVS0l0sqpts9h1JerQoQAxAA== -----END PKCS7-----
3. Print out certificate information from the PKCS7 file.
herong$ openssl pkcs7 -in hy-cert.p7b -noout -print_certs subject=/C=ZZ/CN=Herong Yang issuer=/C=ZZ/CN=ZZ Root CA
4. Extract certificate out of the PKCS7 file.
herong$ openssl pkcs7 -in hy-cert.p7b -print_certs -outform PEM subject=/C=ZZ/CN=Herong Yang issuer=/C=ZZ/CN=ZZ Root CA -----BEGIN CERTIFICATE----- MIIBZzCB8AICEAEwCQYHKoZIzj0EATAiMQswCQYDVQQGEwJaWjETMBEGA1UEAxMK WlogUm9vdCBDQTAeFw0yNDExMjQxMzM0MDRaFw0yNTExMjQxMzM0MDRaMCMxCzAJ ... 4u/8yM7JASPNS4eplzuVS0l0sqpts9h1JerQ -----END CERTIFICATE-----
Table of Contents
Introduction of PKI (Public Key Infrastructure)
Introduction of PKI Certificate
OpenSSL - Cryptography Toolkit
"openssl ca" - CA (Certificate Authority) Tool
Java "keytool" Commands and KeyStore Files
PKCS12 Certificate Bundle File
►"openssl crl2pkcs7 -nocrl" - PKCS7 Certificate File
"openssl crl2pkcs7 -nocrl" - PKCS7 Certificate Chain
ASN.1 Data Structure of PKCS7 File