On 4/8/21 5:41 AM, Patrick Monnerat via curl-library wrote: > . . . >> europa$ grep '89:80:cc:26' /opt/bw/ssl/certs/* >> /opt/bw/ssl/certs/USERTrust_ECC_Certification_Authority.pem: >> 5c:8b:99:c5:5a:94:c5:d2:71:56:de:cd:89:80:cc:26 >> europa$ grep '0e:35:03:2d' /opt/bw/ssl/certs/* >> /opt/bw/ssl/certs/USERTrust_RSA_Certification_Authority.pem: >> 01:fd:6d:30:fc:a3:ca:51:a8:1b:bc:64:0e:35:03:2d >> >> >> Those are exactly what is needed. > > If you use ca-path rather than ca-bundle with openssl, certificates in > that directory have to be named according to a hash in order to be found > by openssl. > > To create a soft link properly named use: > > ln -s <certname> `openssl x509 -in <certname> -noout -hash`.0 > > There is also a command to hash a whole directory: > https://www.openssl.org/docs/manmaster/man1/c_rehash.html >
Brilliant! Thank you. For quite some time I did wonder where those file numbers/names were coming from : alpha$ cd /opt/bw/ssl/certs alpha$ ls -lapb total 1802 drwxr-xr-x 2 root root 595 Jul 12 2020 ./ drwxr-xr-x 5 root root 9 Mar 27 00:35 ../ lrwxrwxrwx 1 root root 26 Jan 20 2019 00673b5b.0 -> thawte_Primary_Root_CA.pem lrwxrwxrwx 1 root root 45 Jan 20 2019 02265526.0 -> Entrust_Root_Certification_Authority_-_G2.pem lrwxrwxrwx 1 root root 23 Jan 20 2019 02756ea4.0 -> Certplus_Root_CA_G1.pem lrwxrwxrwx 1 root root 31 Jan 20 2019 02b73561.0 -> Comodo_Secure_Services_root.pem . . . etc etc etc -- Dennis Clarke RISC-V/SPARC/PPC/ARM/CISC UNIX and Linux spoken GreyBeard and suspenders optional ------------------------------------------------------------------- Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library Etiquette: https://curl.se/mail/etiquette.html