1

According to the manpage of stunnel4:

the certificates in this directory should be named XXXXXXXX.0 where XXXXXXXX is the hash value of the DER encoded subject of the cert (the first 4 bytes of the MD5 hash in least significant byte order).

How can I produce such a thing?

I tried, unsuccessfully :s :

openssl x509 -in cert.crt -inform PEM -out cert.der -outform DER

then

openssl dgst cert.der
exeral

2 Answers

3

Try this:

# openssl x509 -in cert.pem -noout -hash
c59f9aac

This will give you the hash that OpenSSL is expecting to get for a certificates directory.

Florin Asăvoaie
  • The documentation for stunnel4 is probably not up to date, but with a modern version of OpenSSL, you'd need `-subject_hash_old` to produce an MD5 hash, since `-hash` would use SHA-1. (Details [here](http://serverfault.com/a/401120/47187).) I guess stunnel4 might not care either way and delegate all this to the version of OpenSSL it's linked to. – Bruno May 16 '14 at 01:50
  • Yes, any application using OpenSSL does (or at least should) delegate all this to the underlying OpenSSL library. – Florin Asăvoaie May 16 '14 at 19:49
2

c_rehash, openssl rehash

Create symbolic links to files named by the hash values.

See man c_rehash or openssl rehash:

On some platforms, the openssl rehash command is available as an external script called c_rehash. They are functionally equivalent, except for minor differences noted [in the manpages].
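What the two answers and the comment describe, done by hand, as an added example that is not part of the original answers: each certificate in a directory is symlinked under both its current subject hash and its `-subject_hash_old` (MD5-based) hash, with the `.0`, `.1`, ... suffix bumped when two different certificates share a hash. The function names `link_cert` and `rehash_dir` are hypothetical, and the script assumes the certificates are PEM files ending in `.pem` or `.crt` that live in the directory being processed.

```bash
#!/usr/bin/env bash
# Added example: create the <subject-hash>.<n> symlinks that OpenSSL looks up
# in a certificate directory, for both the current and the old hash algorithm.
set -eu

# link_cert CERT DIR: CERT must be a PEM certificate located inside DIR.
link_cert() {
    local cert=$1 dir=$2 opt h n
    # -subject_hash gives the same value as -hash on OpenSSL 1.0.0 and later;
    # -subject_hash_old gives the pre-1.0.0 MD5-based value.
    for opt in -subject_hash -subject_hash_old; do
        h=$(openssl x509 -in "$cert" -noout "$opt") || return 1
        n=0
        # Different certificates can share a subject hash, so take the first
        # free suffix; if this certificate is already linked, do nothing.
        while [ -e "$dir/$h.$n" ] || [ -L "$dir/$h.$n" ]; do
            if [ "$dir/$h.$n" -ef "$cert" ]; then continue 2; fi
            n=$((n + 1))
        done
        # Relative link target, so the directory can be moved as a whole.
        ln -s "$(basename "$cert")" "$dir/$h.$n"
        echo "$h.$n -> $(basename "$cert")"
    done
}

# rehash_dir DIR: link every regular *.pem / *.crt file found in DIR.
rehash_dir() {
    local dir=$1 f
    for f in "$dir"/*.pem "$dir"/*.crt; do
        [ -f "$f" ] && [ ! -L "$f" ] || continue
        link_cert "$f" "$dir"
    done
}

# Run as a script: pass the certificate directory as the first argument.
[ "$#" -eq 0 ] || rehash_dir "$1"
```

Unlike `c_rehash` or `openssl rehash`, this does not remove stale links first, so links left behind by deleted certificates have to be cleaned up separately.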