Hashing the certificate authority file

From cosign wiki

(Difference between revisions)
Jump to: navigation, search
Current revision (15:58, 28 April 2007) (edit) (undo)
m (Unix and Unix-like systems: hash links)
 
(One intermediate revision not shown.)
Line 3: Line 3:
== Unix and Unix-like systems ==
== Unix and Unix-like systems ==
-
Use c_rehash.
+
c_rehash .
-
 
+
or
 +
for cert in *.pem; do ln -s $cert `openssl x509 -in $cert -noout -hash`.0; done
== Windows ==
== Windows ==
Line 15: Line 16:
A hash value is displayed. Copy-and-paste the contents of the CAfileexample.pem file into a file called [hash value].0.
A hash value is displayed. Copy-and-paste the contents of the CAfileexample.pem file into a file called [hash value].0.
-
In your [[IISCosign config file|cosign.dll.config file]] have <CAFilePath> point to the folder where the hash is located. (Whereas pre-1.1.1 it would point directly to the file).
+
In your [[IISCosign Config File|cosign.dll.config file]] have <CAFilePath> point to the folder where the hash is located. (Whereas pre-1.1.1 it would point directly to the file).

Current revision

Certificate authority certs are used by the filters to verify the identity of the weblogin server. OpenSSL looks up a hash value associated with the CA file and uses is to do said verification.

[edit] Unix and Unix-like systems

c_rehash .

or

for cert in *.pem; do ln -s $cert `openssl x509 -in $cert -noout -hash`.0; done

[edit] Windows

From a command prompt, run:

openssl x509 -noout -hash -in \path\to\CAfileexample.pem

A hash value is displayed. Copy-and-paste the contents of the CAfileexample.pem file into a file called [hash value].0.

In your cosign.dll.config file have <CAFilePath> point to the folder where the hash is located. (Whereas pre-1.1.1 it would point directly to the file).

Personal tools