Helping openssl find your cert

For those situations where you end up with a directory of certificates — openssl will use a hash to look up the cert it needs in that directory. You can generate that hash using the following command:

openssl x509 -hash -in <cert.pem> -noout

openssl will then look for HASH.0 for the certificate and HASH.r0 for the CRL associated with that cert.

For example, the following could be useful:
# ln -s ca.crt `openssl x509 -hash -noout -in ca.crt `.0 # ln -s ca.crl `openssl x509 -hash -noout -in ca.crt `.r0

Written by Lee Verberne

2008-12-02 at 21:19

Posted in Unix-type stuff

Tagged with openssl

Leave a Reply Cancel reply

Enter your comment here...

Please log in using one of these methods to post your comment:

Email (Address never made public)

Name

Website

You are commenting using your WordPress.com account. ( Log Out / Change )

You are commenting using your Twitter account. ( Log Out / Change )

You are commenting using your Facebook account. ( Log Out / Change )

Cancel

Connecting to %s

tech stuff.