I have a 323kb P7B containing 100 certificate that I've created from a 340kb PEM bundle. When I attempt to sign the P7B it completes but the output is instead only a 3k P7B containing the signature and signing cert only and none of the internal P7B content.
This is the openssl command I'm using:
openssl crl2pkcs7 -nocrl -certfile "$TIMENOW/$1/$1.pem" -out "$TIMENOW/$1/$1.p7b" # Convert the PEM to P7B
openssl cms -sign -inform DER -in "$TIMENOW/$1/$1.p7b" -outform DER -out "$TIMENOW/$1/$1.signed.p7b" -signer $SIGNERCERT -inkey $SIGNERKEY
The desired outcome is a signed P7B containing the unsigned P7B, signing cert, and signature.