Hitachi

Hitachi Application Server V10 Command Reference Guide (For UNIX® Systems)

3.3.1 hwscertutil cert -hash

Creating a hash link

Synopsis

hwscertutil cert -noout -hash -in CA-certificate-file

Storage location

Application Server installation directory/httpsd/sbin

Function

To perform a certificate validity check, specify the certificate of the certificate issuer CA in the SSLCACertificateFile directive or SSLCACertificatePath directive. In the SSLCACertificatePath directive, specify the directory that stores the symbolic link (hash link) with the hash value that points to the certificate of the certificate issuer CA.

The hash value is created by using the hwscertutil cert command.

If the SSLCACertificatePath directive is specified, the certificate search can be performed efficiently on the Web server by using the hash value. If there are many CA certificates, we recommend that you specify the SSLCACertificatePath directive rather than the SSLCACertificateFile directive. Note that one hash value must be assigned per certificate, so you cannot specify a file with multiple certificates when creating the hash link.

When generating the symbolic link in the hash link directory that is specified in the SSLCACertificatePath directive, you must add .0 to the hash value. Grant the read and execution permissions to the directory to be specified in the SSLCACertificatePath directive so that the user specified in the User and Group directives can access the directory.

Execution permission

Superuser

Arguments

-in CA-certificate-file

Specify the CA certificate file for which the hash link value is created.

Usage example

An example of the hash link directory and CA certificate for the following directory and file is given below:

/opt/hitachi/APServer/httpsd/conf/ssl/cacerts: Hash link directory

/opt/hitachi/APServer/httpsd/conf/ssl/cacert/cacert.pem: Certificate of the CA

cd /opt/hitachi/APServer/httpsd/conf/ssl/cacerts
ln -s /opt/hitachi/APServer/httpsd/conf/ssl/cacert/cacert.pem `hwscertutil cert
 -noout -hash -in /opt/hitachi/APServer/httpsd/conf/ssl/cacert/cacert.pem`.0

This creates the xxxxxxxx.0 hash link for /opt/hitachi/APServer/httpsd/conf/ssl/cacert/cacert.pem.

Exit Status

Exit Status

Explanation

0

command executed successfully.

Other than 0

error in executing the command.

To Page Top

Trademarks

Copyright (C) 2015, Hitachi, Ltd.

Copyright (C) 2013, Oracle and/or its affiliates. All rights reserved.