
Re: CRL with OpenSSL



Christian Kratzer <ck-lists@cksoft.de> wrote:

> it is standard openssl behavior to load certs from CERTHASH.0 and crls
> from CERTHASH.r0

I am glad it makes some sense. Is it documented anywhere?
 
> You can generate the hash from a certificate using "openssl x509 hash"
> 
>      ck@pohjola: {112} openssl x509 -noout -hash -in CA.cert
>      faf58a99
>
> You generally set a symlink from the hash to your certificate and crl using
> 
>      ln -s CA.cert `openssl x509 -noout -hash -in CA.cert`.0
>      ln -s CA.crl  `openssl x509 -noout -hash -in CA.cert`.r0

I fixed the second link to be a link to the CRL and not to the CA.

It happily loads ${hash}.r0, it does not touch ${hash}.0, but it still
looks for an inexistent ${hash}.r1 file. What should be there?

-- 
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu@netbsd.org
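
Added example, not part of the original message or of OpenSSL: in the HASH.N / HASH.rN naming discussed above, the trailing digit is a sequence number that distinguishes several files sharing one hash, so a second CRL for the same issuer would be linked as HASH.r1. The function names next_hash_name and link_hashed are hypothetical, and link_hashed assumes the file is given as an absolute path or lives in the hash directory itself.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# Print the first unused "<hash>.<prefix>N" name in a hash directory.
# prefix is "" for certificates (HASH.0, HASH.1, ...) and
# "r" for CRLs (HASH.r0, HASH.r1, ...).
next_hash_name() {
    dir=$1 hash=$2 prefix=$3
    n=0
    # -e follows symlinks; -L also catches dangling links, so an
    # existing entry is never overwritten.
    while [ -e "$dir/$hash.$prefix$n" ] || [ -L "$dir/$hash.$prefix$n" ]; do
        n=$((n + 1))
    done
    printf '%s.%s%s\n' "$hash" "$prefix" "$n"
}

# Symlink a PEM certificate or CRL into dir under its hash name and
# print the name that was used. kind is "x509" or "crl".
# Assumption: file is an absolute path or is located in dir.
link_hashed() {
    dir=$1 file=$2 kind=$3
    case $kind in
        x509) prefix= ;;
        crl)  prefix=r ;;
        *)    echo "kind must be x509 or crl" >&2; return 2 ;;
    esac
    # "openssl crl -hash" hashes the CRL issuer name, which matches the
    # subject hash of the CA certificate that issued it.
    hash=$(openssl "$kind" -noout -hash -in "$file") || return 1
    name=$(next_hash_name "$dir" "$hash" "$prefix")
    ln -s "$file" "$dir/$name" && printf '%s\n' "$name"
}
```

For example, `link_hashed /etc/ssl/certs /etc/ssl/certs/CA.crl crl` (paths constructed for illustration) links the CRL under the next free .rN name.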