tech stuff.

Helping openssl find your cert

leave a comment »

For those situations where you end up with a directory of certificates — openssl will use a hash to look up the cert it needs in that directory.  You can generate that hash using the following command:

openssl x509 -hash -in <cert.pem> -noout

openssl will then look for HASH.0 for the certificate and HASH.r0 for the CRL associated with that cert.

For example, the following could be useful:

# ln -s ca.crt `openssl x509 -hash -noout -in ca.crt `.0
# ln -s ca.crl `openssl x509 -hash -noout -in ca.crt `.r0

Written by Lee Verberne

2008/12/02 at 21:19

Posted in Unix-type stuff

Tagged with

«
»

Leave a Reply

Please log in using one of these methods to post your comment:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s

%d bloggers like this: