Hashing the certificate authority file
From cosign wiki
(Difference between revisions)
m (→Unix and Unix-like systems: hash links) |
|||
(One intermediate revision not shown.) | |||
Line 3: | Line 3: | ||
== Unix and Unix-like systems == | == Unix and Unix-like systems == | ||
- | + | c_rehash . | |
- | + | or | |
+ | for cert in *.pem; do ln -s $cert `openssl x509 -in $cert -noout -hash`.0; done | ||
== Windows == | == Windows == | ||
Line 15: | Line 16: | ||
A hash value is displayed. Copy-and-paste the contents of the CAfileexample.pem file into a file called [hash value].0. | A hash value is displayed. Copy-and-paste the contents of the CAfileexample.pem file into a file called [hash value].0. | ||
- | In your [[IISCosign | + | In your [[IISCosign Config File|cosign.dll.config file]] have <CAFilePath> point to the folder where the hash is located. (Whereas pre-1.1.1 it would point directly to the file). |
Current revision
Certificate authority certs are used by the filters to verify the identity of the weblogin server. OpenSSL looks up a hash value associated with the CA file and uses is to do said verification.
[edit] Unix and Unix-like systems
c_rehash .
or
for cert in *.pem; do ln -s $cert `openssl x509 -in $cert -noout -hash`.0; done
[edit] Windows
From a command prompt, run:
openssl x509 -noout -hash -in \path\to\CAfileexample.pem
A hash value is displayed. Copy-and-paste the contents of the CAfileexample.pem file into a file called [hash value].0.
In your cosign.dll.config file have <CAFilePath> point to the folder where the hash is located. (Whereas pre-1.1.1 it would point directly to the file).