c_rehash(1)
C_REHASH(1) OpenSSL C_REHASH(1)
NAME
c_rehash - Create symbolic links to files named by the hash
values
SYNOPSIS
c_rehash [-old] [-h] [-n] [-v] [ directory...]
DESCRIPTION
c_rehash scans directories and calculates a hash value of
each ".pem", ".crt", ".cer", or ".crl" file in the specified
directory list and creates symbolic links for each file,
where the name of the link is the hash value. (If the
platform does not support symbolic links, a copy is made.)
This utility is useful as many programs that use OpenSSL
require directories to be set up like this in order to find
certificates.
If any directories are named on the command line, then those
are processed in turn. If not, then the SSL_CERT_DIR
environment variable is consulted; this shold be a colon-
separated list of directories, like the Unix PATH variable.
If that is not set then the default directory
(installation-specific but often /usr/local/ssl/certs) is
processed.
In order for a directory to be processed, the user must have
write permissions on that directory, otherwise it will be
skipped. The links created are of the form "HHHHHHHH.D",
where each H is a hexadecimal character and D is a single
decimal digit. When processing a directory, c_rehash will
first remove all links that have a name in that syntax. If
you have links in that format used for other purposes, they
will be removed. To skip the removal step, use the -n flag.
Hashes for CRL's look similar except the letter r appears
after the period, like this: "HHHHHHHH.rD".
Multiple objects may have the same hash; they will be
indicated by incrementing the D value. Duplicates are found
by comparing the full SHA-1 fingerprint. A warning will be
displayed if a duplicate is found.
A warning will also be displayed if there are files that
cannot be parsed as either a certificate or a CRL.
The program uses the openssl program to compute the hashes
and fingerprints. If not found in the user's PATH, then set
the OPENSSL environment variable to the full pathname. Any
program can be used, it will be invoked as follows for
either a certificate or CRL:
$OPENSSL x509 -hash -fingerprint -noout -in FILENAME
$OPENSSL crl -hash -fingerprint -noout -in FILENAME
1.0.2t Last change: 2019-09-10 1
C_REHASH(1) OpenSSL C_REHASH(1)
where FILENAME is the filename. It must output the hash of
the file on the first line, and the fingerprint on the
second, optionally prefixed with some text and an equals
sign.
OPTIONS
-old
Use old-style hashing (MD5, as opposed to SHA-1) for
generating links for releases before 1.0.0. Note that
current versions will not use the old style.
-h Display a brief usage message.
-n Do not remove existing links. This is needed when
keeping new and old-style links in the same directory.
-v Print messages about old links removed and new links
created. By default, c_rehash only lists each directory
as it is processed.
ENVIRONMENT
OPENSSL
The path to an executable to use to generate hashes and
fingerprints (see above).
SSL_CERT_DIR
Colon separated list of directories to operate on.
Ignored if directories are listed on the command line.
SEE ALSO
openssl(1), crl(1). x509(1).
1.0.2t Last change: 2019-09-10 2
Man(1) output converted with
man2html