> On Feb 1, 2018, at 11:43 AM, Bill Cole 
> <postfixlists-070...@billmail.scconsult.com> wrote:
> 
> The "c_rehash" tool is an OpenSSL utility that generates symlinks in a 
> directory full of certificate files such that each symlink name is derived 
> from a cryptographic hash of the "Subject" of the certificate file to which 
> it points. This is to support rapid identification of trusted certificates 
> cited as the "Issuer" of a certificate being verified. If your OpenSSL is 
> properly installed, you can get all the details from 'man c_rehash' and if 
> not, you can see the man page for v1.0.2 at 
> https://www.openssl.org/docs/man1.0.2/apps/c_rehash.html.

Good clarification, thanks.  I just want to emphasize that
the "directory full of certificate files" needs to have one
certificate per file, as only the first certificate in each
file is processed by c_rehash.  There's not much point in
using CApath if all the certificates are in the same file,
so that's not supported.

-- 
        Viktor.
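
The one-certificate-per-file point above, as an added shell example that is not part of the original thread: it reports files in a CApath directory that hold more than one certificate and splits a bundle into single-certificate files ready for c_rehash. The function names and the cert-NNN.pem naming are hypothetical, the sample bundle is constructed, and the scanned extensions (.pem, .crt, .cer) are the certificate extensions listed in the c_rehash manual.

```shell
#!/bin/sh
# Added example (not from the thread): keep a CApath directory at one
# certificate per file, since c_rehash links only the first one in each file.

# count_certs FILE: number of PEM certificate blocks in FILE.
count_certs() {
    # grep -c prints 0 but exits 1 when nothing matches; keep the 0.
    grep -E -c -e '^-----BEGIN (TRUSTED )?CERTIFICATE-----' "$1" || true
}

# list_multi_cert_files DIR: print "COUNT<TAB>FILE" for every certificate
# file in DIR holding more than one certificate.
list_multi_cert_files() {
    for f in "$1"/*.pem "$1"/*.crt "$1"/*.cer; do
        if [ -f "$f" ]; then
            n=$(count_certs "$f")
            if [ "$n" -gt 1 ]; then printf '%s\t%s\n' "$n" "$f"; fi
        fi
    done
}

# split_bundle BUNDLE OUTDIR: write each certificate in BUNDLE to its own
# OUTDIR/cert-NNN.pem (hypothetical naming) and print how many were written.
# Text outside the PEM blocks is dropped.
split_bundle() {
    mkdir -p "$2" || return 1
    awk -v dir="$2" '
        /^-----BEGIN (TRUSTED )?CERTIFICATE-----/ {
            n++; out = sprintf("%s/cert-%03d.pem", dir, n); inside = 1
        }
        inside { print > out }
        /^-----END (TRUSTED )?CERTIFICATE-----/ { inside = 0; close(out) }
        END { print n + 0 }
    ' "$1"
}

# write_sample_bundle FILE: constructed two-certificate bundle. The base64
# bodies are placeholders, not real certificates; only the PEM framing matters.
write_sample_bundle() {
    for body in Q09OU1RSVUNURUQtQQ== Q09OU1RSVUNURUQtQg==; do
        printf '%s\n' '-----BEGIN CERTIFICATE-----' "$body" '-----END CERTIFICATE-----'
    done > "$1"
}

# After splitting, build the hash symlinks with: c_rehash OUTDIR
```

Run list_multi_cert_files on the CApath directory before each c_rehash run; any file it prints has certificates that will not get a hash symlink.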
