Hello,

> what is the hash algorithm used in the following to output the 8-digit
> string to be used as xxxxxxxx.0, .1, etc.?
>
> % openssl x509 -noout -hash -in inter.cert.pem
> a0199d1b

This is the reversed first four bytes of the MD5 message digest of the cert subject in DER format.
For example:

$ openssl asn1parse -in crt.pem
..
..
  189:d=3  hl=2 l=  13 prim: UTCTIME           :050217150125Z
  204:d=3  hl=2 l=  13 prim: UTCTIME           :060217150125Z
  219:d=2  hl=3 l= 169 cons: SEQUENCE
  222:d=3  hl=2 l=  11 cons: SET
  224:d=4  hl=2 l=   9 cons: SEQUENCE
  226:d=5  hl=2 l=   3 prim: OBJECT            :countryName
  231:d=5  hl=2 l=   2 prim: PRINTABLESTRING   :PL
  235:d=3  hl=2 l=  15 cons: SET
  237:d=4  hl=2 l=  13 cons: SEQUENCE
  239:d=5  hl=2 l=   3 prim: OBJECT            :stateOrProvinceName
  244:d=5  hl=2 l=   6 prim: PRINTABLESTRING   :Warsaw
..
..

$ openssl asn1parse -in crt.pem -strparse 219 -out subject.der

$ cat subject.der | openssl md5
4378bde986606a5f2dde63f418f55692

$ openssl x509 -in crt.pem -hash -noout
e9bd7843

Best regards,
--
Marek Marcola <[EMAIL PROTECTED]>

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]