tech stuff.

For those situations where you end up with a directory of certificates — openssl will use a hash to look up the cert it needs in that directory.  You can generate that hash using the following command:

openssl x509 -hash -in <cert.pem> -noout

openssl will then look for HASH.0 for the certificate and HASH.r0 for the CRL associated with that cert.

For example, the following could be useful:

# ln -s ca.crt `openssl x509 -hash -noout -in ca.crt `.0
# ln -s ca.crl `openssl x509 -hash -noout -in ca.crt `.r0