Wednesday, May 26, 2010

TLS_cacertdir and openssl lookups

OpenLDAP, tls_cacertdir: /etc/yahweh/certs

"In order for OpenSSL to find the certificate, it needs to be looked up as its hash. Normally, you would create a symbolic link for a meaningful name of the CA to the hash value, rather than renaming the CA certificate. The symbolic link must be for the hashed value above, plus ".0". If you forget the ".0" then OpenSSL won't detect it."

Finding hash:

"openssl x509 -noout -hash -in ca_cert.pem"
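The steps above as a shell function, added here as an example and not part of the original post or the quoted text. `link_ca_cert` is a hypothetical helper name. It goes one step past the ".0" case: when another CA with the same subject hash already occupies ".0", it uses the next free suffix, which OpenSSL also searches.

```shell
#!/bin/sh
# Added example: link a CA certificate into an OpenSSL hashed directory,
# such as the one named by tls_cacertdir. link_ca_cert is a hypothetical name.
# Usage: link_ca_cert /path/to/ca_cert.pem /path/to/certdir
link_ca_cert() {
    cert=$1
    dir=$2

    # Refuse anything that does not parse as an X.509 certificate.
    hash=$(openssl x509 -noout -hash -in "$cert" 2>/dev/null) || {
        echo "not a readable certificate: $cert" >&2
        return 1
    }
    fp=$(openssl x509 -noout -fingerprint -sha256 -in "$cert")

    # OpenSSL tries <hash>.0, then <hash>.1, and so on, so two CAs whose
    # subject hashes are equal can coexist. Take the first free suffix.
    n=0
    while [ -e "$dir/$hash.$n" ]; do
        # Same certificate already linked: report the existing link and stop.
        existing=$(openssl x509 -noout -fingerprint -sha256 \
            -in "$dir/$hash.$n" 2>/dev/null) || existing=
        if [ "$existing" = "$fp" ]; then
            echo "$dir/$hash.$n"
            return 0
        fi
        n=$((n + 1))
    done

    # Absolute target so the link resolves from any working directory.
    # -f replaces a stale (dangling) link left in this slot.
    target=$(cd "$(dirname "$cert")" && pwd)/$(basename "$cert")
    ln -sf "$target" "$dir/$hash.$n" || return 1
    echo "$dir/$hash.$n"
}
```

The function prints the path of the link it created or found, so the result can be checked with `ls -l` on the certificate directory.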
