Hashing the certificate authority file

From cosign wiki

Revision as of 12:20, 13 December 2006 (edit) Jarod (Talk | contribs) (→Windows) ← Older edit		Current revision (15:58, 28 April 2007) (edit) (undo) Sp@univie.ac.at (Talk | contribs) m (→Unix and Unix-like systems: hash links)
Line 3:		Line 3:
	== Unix and Unix-like systems ==		== Unix and Unix-like systems ==
-	Use c_rehash.	+	c_rehash .
-		+	or
		+	for cert in *.pem; do ln -s $cert `openssl x509 -in $cert -noout -hash`.0; done
	== Windows ==		== Windows ==

---

Current revision

Certificate authority certs are used by the filters to verify the identity of the weblogin server. OpenSSL looks up a hash value associated with the CA file and uses is to do said verification.

[edit] Unix and Unix-like systems

c_rehash .

or

for cert in *.pem; do ln -s $cert `openssl x509 -in $cert -noout -hash`.0; done

[edit] Windows

From a command prompt, run:

openssl x509 -noout -hash -in \path\to\CAfileexample.pem

A hash value is displayed. Copy-and-paste the contents of the CAfileexample.pem file into a file called [hash value].0.

In your cosign.dll.config file have <CAFilePath> point to the folder where the hash is located. (Whereas pre-1.1.1 it would point directly to the file).