7

I am following the instructions on how to import a certificate with its whole chain into a keystore. The problem I face is that I do not have c_rehash on my system:

user@hostanme$ c_rehash ./certs
-bash: c_rehash: command not found

I have found the -subject_hash option of openssl x509, but I am not sure how to use it to replicate whatever c_rehash does.

How can I hash the certificate directory without the c_rehash command/script?

Community
  • 1
  • 1
Wojtek
  • 1,410
  • 2
  • 16
  • 31

3 Answers3

15

c_rehash needs "perl" for execution. If you can not run c_rehase, try below.

use "openssl" in the Shell file 

for file in *.pem; do ln -s "$file" "$(openssl x509 -hash -noout -in "$file")".0; done
agfe2
  • 492
  • 7
  • 15
  • 4
    Needs more quotes to be correct -- this won't work right if your certificates have whitespace in their names. Consider `ln -s "$file" "$(openssl x509 -hash -noout -in "$file")"`. – Charles Duffy Feb 27 '16 at 00:20
3

user@hostanme$ c_rehash ./certs
-bash: c_rehash: command not found

You either need to install OpenSSL (perhaps a developer version) or you need to put its bin/ directory on path:

$ find /usr -iname c_rehash
/usr/bin/c_rehash
/usr/local/ssl/darwin/bin/c_rehash
/usr/local/ssl/macosx-x64/bin/c_rehash
/usr/local/ssl/macosx-x86/bin/c_rehash

And be sure you use the correct one. If I recall correctly, OpenSSL 0.9.8 uses MD5, while OpenSSL 1.0.0 and above use SHA1.

jww
  • 97,681
  • 90
  • 411
  • 885
3

The c_rehash command is available in the openssl-perl package

Source: https://bugzilla.redhat.com/show_bug.cgi?id=461123 Verified on RHEL7

Cameron Kerr
  • 1,725
  • 16
  • 23