Forum Post: RE: How to remove an SSH cert

  • Thread starter: Michael Jacobs
Status
Not open for further replies.
Michael Jacobs

Guest
Some basics that may help. The OE cert repository ($DLC/certs directory) is the location where all ROOT and intermediate CA digital certificates are stored and used by SSL clients to validate a server's identity. The storage holds PEM encoded text files that are identified using a hashed file name and a ".0" file extension. All other repository files without a ".0" file extension are ignored during the SSL client's validation of the server's digital certificate. The hashed file name is the SSL library's way of indexing into the repository (directory) to find a specific digital certificate (file) by certificate 'subject' name field. What certutil does is help simplify the management of certificates without having to manually deal with the hashed file names and different binary and PEM encodings. Still, at the lowest level certutil is doing file system add, rename, and delete of individual files. (Hence the advice to simply delete the file.)
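Before deleting a file by hand, it helps to see which hashed ".0" file holds which CA subject. The script below is an added example, not part of the original post and not certutil's own code; it assumes the OpenSSL command-line tool is on the PATH, and the function names (`list_store`, `find_by_subject`, `make_demo_store`) and the demo certificates are constructed for illustration.

```shell
#!/bin/sh
# Added example: map hashed ".0" file names in a cert store to their subjects.
# Assumption: the OpenSSL command-line tool is installed and on the PATH.

# list_store DIR: print "<file name><TAB><subject>" for every *.0 file in DIR.
# Files without a ".0" extension are skipped, because the SSL client ignores them.
list_store() {
    for f in "$1"/*.0; do
        [ -f "$f" ] || continue
        subj=$(openssl x509 -noout -subject -in "$f" 2>/dev/null) \
            || subj="(not a readable PEM certificate)"
        printf '%s\t%s\n' "$(basename "$f")" "$subj"
    done
}

# find_by_subject DIR TEXT: print the file names whose subject contains TEXT.
find_by_subject() {
    list_store "$1" | awk -F '\t' -v s="$2" 'index($2, s) { print $1 }'
}

# make_demo_store DIR: fill DIR with constructed, throwaway self-signed certs.
# Demo file names come from "openssl x509 -subject_hash"; a real store keeps
# whatever names the product's own tooling gave its files.
make_demo_store() {
    for cn in "Constructed Root A" "Constructed Root B"; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$cn" \
            -keyout "$1/key.tmp" -out "$1/cert.tmp" 2>/dev/null || return 1
        h=$(openssl x509 -noout -subject_hash -in "$1/cert.tmp") || return 1
        mv "$1/cert.tmp" "$1/$h.0"
    done
    rm -f "$1/key.tmp"
    cp "$1/$h.0" "$1/ignored.pem"   # same cert, but no ".0" extension
}

# Usage: sh liststore.sh /path/to/certs    (for example the $DLC/certs directory)
#        sh liststore.sh --demo            (constructed sample store)
case "${1:-}" in
    "") ;;
    --demo) d=$(mktemp -d) && make_demo_store "$d" && list_store "$d"; rm -rf "$d" ;;
    *) list_store "$1" ;;
esac
```

The script only reads the store; the file name it reports is the one to back up and then delete.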
