Provided by: openssl_1.0.1f-1ubuntu2.27_amd64 bug

NAME

       c_rehash - Create symbolic links to files named by the hash values

SYNOPSIS

       c_rehash [directory] ...

DESCRIPTION

       c_rehash scans directories and takes a hash value of each .pem and .crt file in the
       directory. It then creates symbolic links for each of the files named by the hash value.
       This is useful as many programs require directories to be set up like this in order to
       find the certificates they require.

       If any directories are named on the command line then these directories are processed in
       turn. If not then and the environment variable SSL_CERT_DIR is defined then that is
       consulted. This variable should be a colon (:) separated list of directories, all of which
       will be processed. If neither of these conditions are true then /usr/lib/ssl/certs is
       processed.

       For each directory that is to be processed he user must have write permissions on the
       directory, if they do not then nothing will be printed for that directory.

       Note that this program deletes all the symbolic links that look like ones that it creates
       before processing a directory. Beware that if you run the program on a directory that
       contains symbolic links for other purposes that are named in the same format as those
       created by this program they will be lost.

       The hashes for certificate files are of the form <hash>.<n> where n is an integer. If the
       hash value already exists then n will be incremented, unless the file is a duplicate.
       Duplicates are detected using the fingerprint of the certificate. A warning will be
       printed if a duplicate is detected. The hashes for CRL files are of the form <hash>.r<n>
       and have the same behavior.

       The program will also warn if there are files with extension .pem which are not
       certificate or CRL files.

       The program uses the openssl program to compute the hashes and fingerprints. It expects
       the executable to be named openssl and be on the PATH, or in the /usr/lib/ssl/bin
       directory. If the OPENSSL environment variable is defined then this is used instead as the
       executable that provides the hashes and fingerprints. When called as $OPENSSL x509 -hash
       -fingerprint -noout -in $file it must output the hash of $file on the first line followed
       by the fingerprint on the second line, optionally prefixed with some text and an equals
       sign (=).

OPTIONS

       None

ENVIRONMENT

       OPENSSL
           The name (and path) of an executable to use to generate hashes and fingerprints (see
           above).

       SSL_CERT_DIR
           Colon separated list of directories to operate on. Ignored if directories are listed
           on the command line.

SEE ALSO

       openssl(1), x509(1)

BUGS

       No known bugs