On Tue 07-09-11 01:55, Olivier Ricou wrote: > The last one for today, only dedicated to the lovers of > Openssl and GSI. > > It seems I have two hashes identicals for two different files: > > [hermes]~/.globus % openssl x509 -hash -in ~/ca/TerapixCA/cacert.pem > 190a3da5 > -----BEGIN CERTIFICATE----- > MIICPzCCAaigAwIBAgIBADANBgkqhkiG9w0BAQQFADBCMQswCQYDVQQGEwJGUjEM > MAoGA1UEChMDSUFQMRAwDgYDVQQLEwdUZXJhcGl4MRMwEQYDVQQDEwpUZXJhcGl4 > IENBMB4XDTA3MDkxMDIzMjI1MloXDTEyMDkwODIzMjI1MlowQjELMAkGA1UEBhMC > RlIxDDAKBgNVBAoTA0lBUDEQMA4GA1UECxMHVGVyYXBpeDETMBEGA1UEAxMKVGVy > YXBpeCBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAoAA5yfFbrtnAniH2 > hpJmcX9RPTsAWh9O6URQEm2IDpuVS+Z5Icf6mZl7Hez8sH70eHAzBUnfekGWC1PA > tJ6MlNqYr6Q7soB0KK+8VXEgy+qEhO3COwE3KIKIsmE9am26g+Frz6W+/Wyh7abi > rXLXS6cfZLIxGcPngRcqyv04iwsCAwEAAaNFMEMwDwYDVR0TAQH/BAUwAwEB/zAd > BgNVHQ4EFgQU8Tl8XgTPf15QQuBJ8OqLy/dg7lowEQYJYIZIAYb4QgEBBAQDAgAH > MA0GCSqGSIb3DQEBBAUAA4GBAJClzHxylypbM7/YI5h5hvnMrGKWyXMWmRBr4gjv > dJCieJqERlKmWk7TDVCfdt0O1Xz/bpzGqJwr5tlND2NU+PD1kf0Fo8sNizQDLHUE > JqolkvQpbW/m6/YADqzwdzKKl34cku0ylfiPlH9ZRsKIClGInlRKahZTfHteIhHG > Q7aL > -----END CERTIFICATE----- > [hermes]~/.globus % openssl x509 -hash -in certificates/190a3da5.0 > 190a3da5 > -----BEGIN CERTIFICATE----- > MIICPzCCAaigAwIBAgIBADANBgkqhkiG9w0BAQQFADBCMQswCQYDVQQGEwJGUjEM > MAoGA1UEChMDSUFQMRAwDgYDVQQLEwdUZXJhcGl4MRMwEQYDVQQDEwpUZXJhcGl4 > IENBMB4XDTA3MDkxMDIyNDUxMloXDTEyMDkwODIyNDUxMlowQjELMAkGA1UEBhMC > RlIxDDAKBgNVBAoTA0lBUDEQMA4GA1UECxMHVGVyYXBpeDETMBEGA1UEAxMKVGVy > YXBpeCBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA5OOjpA8+KnMb/lPe > p7sV+mdgYQwm/gqYLpajUkmZzCQwH6OXmFq5xvrgUHfSaFr4TsnjEdDw4HzUQwPn > DwIyFlJQ9B7PLenh986YmMtyt1ckOG3z1CVyfa79AXDu7j37RmQ1GGK3kytcA7gf > LvrxNjvEDzUDTGb/GkJqRS2bV4MCAwEAAaNFMEMwDwYDVR0TAQH/BAUwAwEB/zAd > BgNVHQ4EFgQU1y6dexwVBBgErg/0yJanBUavGYAwEQYJYIZIAYb4QgEBBAQDAgAH > MA0GCSqGSIb3DQEBBAUAA4GBAL15UJ8byvXDsJd3z9p1SH8voIbGIKIKeBb8kQWm > kvll7bBlz/fFzljIHNmnLAfmBowHh/HJshH8BNdZSkDKkjjA91LDK8cZJhfhZfwa > B7D4wcY5KB7nmg2dpnYdJ4+L/jVFPAdhgKI9Tg8FTsFqILEzrw6SVOgeVtVoziQT > SKLP > -----END CERTIFICATE----- > > These 2 files have been made by setup-simple-ca. The first one > comes from the directory I choosed with the option -dir and the > second one was in BUILD/globus_simple_ca_190a3da5_setup-0.18/. > I would have expected both to be the same but they are only for > the first 4 lignes. > > BUILD/globus_simple_ca_190a3da5_setup-0.18/190a3da5.0 is not correct, > I mean it is not the public key of the CA that signed my user key. > The right one is Terapix/cacert.pem. So what is this > BUILD/globus_simple_ca_190a3da5_setup-0.18/190a3da5.0 ?
The 8-digit hash of a certificate is computed from its subject name. In your case both files have the same subject name, namely "/C=FR/O=IAP/OU=Terapix/CN=Terapix CA". You probably don't want to use both of these. If you do want both of them for some reason, you can install them as "190a3da5.0" and "190a3da5.1" (I've never tried this). (You can distinguish between certificates, even if they have the same hash, by examining their MD5 or (better) SHA1 fingerprints.) As for why you have both of them in the first place, that's probably a question for someone who's more familiar with SimpleCA. -- Keith Thompson <[EMAIL PROTECTED]> San Diego Supercomputer Center <http://users.sdsc.edu/~kst/> 858-822-0853 "We must do something. This is something. Therefore, we must do this." -- Antony Jay and Jonathan Lynn, "Yes Minister"
