Your company here, and a link to your site. Click to find out more.

openssl-pkcs7.1ossl - Man Page

PKCS#7 command


openssl pkcs7 [-help] [-inform DER|PEM] [-outform DER|PEM] [-in filename] [-out filename] [-print] [-print_certs] [-quiet] [-text] [-noout] [-engine id] [-provider name] [-provider-path path] [-propquery propq]


This command processes PKCS#7 files.  Note that it only understands PKCS#7 v 1.5 as specified in IETF RFC 2315.  It cannot currently parse CMS as described in IETF RFC 2630.



Print out a usage message.

-inform DER|PEM, -outform DER|PEM

The input and formats; the default is PEM. See openssl-format-options(1) for details.

The data is a PKCS#7 Version 1.5 structure.

-in filename

This specifies the input filename to read from or standard input if this option is not specified.

-out filename

Specifies the output filename to write to or standard output by default.


Print out the full PKCS7 object.


Prints out any certificates or CRLs contained in the file. They are preceded by their subject and issuer names in one line format.


When used with -print_certs, prints out just the PEM-encoded  certificates without any other output.


Prints out certificate details in full rather than just subject and issuer names.


Don't output the encoded version of the PKCS#7 structure (or certificates if -print_certs is set).

-engine id

See "Engine Options" in openssl(1). This option is deprecated.

-provider name
-provider-path path
-propquery propq

See "Provider Options" in openssl(1), provider(7), and property(7).


Convert a PKCS#7 file from PEM to DER:

 openssl pkcs7 -in file.pem -outform DER -out file.der

Output all certificates in a file:

 openssl pkcs7 -in file.pem -print_certs -out certs.pem

See Also

openssl(1), openssl-crl2pkcs7(1)


The -engine option was deprecated in OpenSSL 3.0.

Referenced By

openssl.1ossl(1), openssl-cmds.1ossl(1), openssl-crl2pkcs7.1ossl(1).

2024-06-06 3.2.2 OpenSSL