manu@netbsd.org (Emmanuel Dreyfus) writes:
Christian Kratzer ck-lists@cksoft.de wrote:
it is standard openssl behavior to load certs from CERTHASH.0 and crls from CERTHASH.r0
I am glad it makes some sense. Is it documented anywhere?
See man c_rehash, for example.
You can generate the hash from a certificate using "openssl x509 hash"
    ck@pohjola: {112} openssl x509 -noout -hash -in CA.cert
    faf58a99
You generally set a symlink from the hash to your certificate and crl using
    ln -s CA.cert `openssl x509 -noout -hash -in CA.cert`.0
    ln -s CA.crl `openssl x509 -noout -hash -in CA.cert`.r0
I fixed the second line to be a link to the CRL and not to the CA.
It happily loads ${hash}.r0, it does not touch ${hash}.0, but it still looks for an inexistent ${hash}.r1 file. What should be there?
Another cert or crl with the same hash. See the man page.
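
The naming scheme discussed in this thread, as an added example that is not part of the original messages and is not OpenSSL's own code: it links objects under the first free HASH.N or HASH.rN name and lists the names a lookup has to try, which is why a probe for a missing ${hash}.r1 follows a successful ${hash}.r0. The function names are hypothetical, the files are constructed empty stand-ins, and the hash value is the one quoted above.

```sh
#!/bin/sh
# Added example: models the HASH.N / HASH.rN naming of a hashed directory.
# Function names are hypothetical; this is not OpenSSL code.

# link_hashed DIR FILE HASH KIND -> prints the link name it created.
# KIND is "" for a certificate (HASH.0, HASH.1, ...) or "r" for a CRL
# (HASH.r0, HASH.r1, ...). The first unused number is taken, so two objects
# with the same hash sit side by side instead of overwriting each other.
link_hashed() {
    lh_dir=$1; lh_file=$2; lh_hash=$3; lh_kind=$4
    lh_n=0
    while [ -e "$lh_dir/$lh_hash.$lh_kind$lh_n" ] ||
          [ -L "$lh_dir/$lh_hash.$lh_kind$lh_n" ]; do
        lh_n=$((lh_n + 1))
    done
    ln -s "$lh_file" "$lh_dir/$lh_hash.$lh_kind$lh_n" || return 1
    echo "$lh_hash.$lh_kind$lh_n"
}

# probe_names DIR HASH KIND -> prints every name a lookup has to try:
# each existing HASH.<KIND>N in order, then the first missing one, which is
# the only way to learn that no further object shares the hash.
probe_names() {
    pn_dir=$1; pn_hash=$2; pn_kind=$3
    pn_n=0
    while [ -e "$pn_dir/$pn_hash.$pn_kind$pn_n" ]; do
        echo "$pn_hash.$pn_kind$pn_n found"
        pn_n=$((pn_n + 1))
    done
    echo "$pn_hash.$pn_kind$pn_n missing"
}

# Demo on constructed files. In real use the hash comes from
#   openssl x509 -noout -hash -in CA.cert
demo() {
    d=$(mktemp -d) || return 1
    : > "$d/CA.cert"; : > "$d/CA.crl"      # empty stand-ins, constructed
    link_hashed "$d" CA.cert faf58a99 ""   # prints faf58a99.0
    link_hashed "$d" CA.crl  faf58a99 r    # prints faf58a99.r0
    probe_names "$d" faf58a99 r            # r0 found, then r1 missing
    rm -rf "$d"
}
demo
```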