C_REHASH(1SSL) OpenSSL C_REHASH(1SSL)
c_rehash - Create symbolic links to files named by the hash values
c_rehash [directory] ...
c_rehash scans directories and takes a hash value of each .pem and .crt
file in the directory. It then creates symbolic links for each of the
files named by the hash value. This is useful as many programs require
directories to be set up like this in order to find the certificates
If any directories are named on the command line then these directories
are processed in turn. If not then and the environment variable
SSL_CERT_DIR is defined then that is consulted. This variable should be
a colon (:) separated list of directories, all of which will be pro-
cessed. If neither of these conditions are true then /usr/lib/ssl/certs
For each directory that is to be processed he user must have write per-
missions on the directory, if they do not then nothing will be printed
for that directory.
Note that this program deletes all the symbolic links that look like
ones that it creates before processing a directory. Beware that if you
run the program on a directory that contains symbolic links for other
purposes that are named in the same format as those created by this
program they will be lost.
The hashes for certificate files are of the form <hash>.<n> where n is
an integer. If the hash value already exists then n will be incre-
mented, unless the file is a duplicate. Duplicates are detected using
the fingerprint of the certificate. A warning will be printed if a
duplicate is detected. The hashes for CRL files are of the form
<hash>.r<n> and have the same behavior.
The program will also warn if there are files with extension .pem which
are not certificate or CRL files.
The program uses the openssl program to compute the hashes and finger-
prints. It expects the executable to be named openssl and be on the
PATH, or in the /usr/lib/ssl/bin directory. If the OPENSSL environment
variable is defined then this is used instead as the executable that
provides the hashes and fingerprints. When called as $OPENSSL x509
-hash -fingerprint -noout -in $file it must output the hash of $file on
the first line followed by the fingerprint on the second line, option-
ally prefixed with some text and an equals sign (=).
The name (and path) of an executable to use to generate hashes and
fingerprints (see above).
Colon separated list of directories to operate on. Ignored if
directories are listed on the command line.
No known bugs
0.9.8c 2009-09-12 C_REHASH(1SSL)
Man(1) output converted with
list of all man pages