Create a P7B certificates bundle

P7B certificates file can contain one or more certificates and a revocation list. The difference with P12 (PKCS#12), P7B (PKCS#7) cannot contain private keys.

To create a P7B file

Assuming you have frank.pem and intermediate-cert.pem

$> openssl crl2pkcs7 -nocrl -certfile frank.pem -certfile intermediate-cert.pem -out frank-bundle.p7b

You then have a fresh new P7B file !

Extract certificates from the P7B file

This is more complex and is a three step process

$> openssl pkcs7 -in frank-bundle.p7b -out frank-bundle-p7b.crt

Then use a regexp to change the delimiters

data = data.replace(/-----BEGIN PKCS7.*?-----/, "-----BEGIN CERTIFICATE-----");
data = data.replace(/-----END PKCS7.*?-----/, "-----END CERTIFICATE-----");

Then finish him with

$> openssl pkcs7 -in frank-bundle-p7b.crt -print_certs -out frank-bundle.crt

Possible options for extraction

Usage: pkcs7 [options] <infile >outfile'
'where options are',
'-inform arg input format - DER or PEM',
'-outform arg output format - DER or PEM',
'-in arg input file',
'-out arg output file',
'-print_certs print any certs or crl in the input',
'-text print full details of certificates',
'-noout don\'t output encoded data',
'-engine e use engine e, possibly a hardware device.'