B<openssl rehash> scans directories and calculates a hash value of
each F<.pem>, F<.crt>, F<.cer>, or F<.crl>
-file in the specified directory list and creates symbolic links
-for each file, where the name of the link is the hash value.
+file in the specified directory list
+that is in PEM format and contains exactly one certificate or CRL.
+The extension matching is case-insensitive and uses C locale.
+For each of these files, it creates a symbolic link with its name being the
+hash value of the certificate subject name or CRL issuer name, respectively.
+In this context, the first 4 bytes of SHA-1 digest is used.
(If the platform does not support symbolic links, a copy is made.)
This command is useful as many programs that use OpenSSL require
directories to be set up like this in order to find certificates.
Multiple objects may have the same hash; they will be indicated by
incrementing the I<D> value. Duplicates are found by comparing the
-full SHA-1 fingerprint. A warning will be displayed if a duplicate
-is found.
+full SHA-1 fingerprint of the certificate or CRL in DER representation.
+A warning will be displayed if a duplicate is found.
-A warning will also be displayed if there are files that
-cannot be parsed as either a certificate or a CRL or if
-more than one such object appears in the file.
+A warning will also be displayed if there are files with a recognized filename
+extension that cannot be parsed as either a certificate or a CRL in PEM format
+or contain more than one such object.
=head1 OPTIONS
projects / thirdparty / openssl.git / commitdiff
