Helping openssl find your cert
For those situations where you end up with a directory of certificates — openssl will use a hash to look up the cert it needs in that directory. You can generate that hash using the following command:
openssl x509 -hash -in <cert.pem> -noout
openssl will then look for HASH.0 for the certificate and HASH.r0 for the CRL associated with that cert.
For example, the following could be useful:
# ln -s ca.crt `openssl x509 -hash -noout -in ca.crt `.0
# ln -s ca.crl `openssl x509 -hash -noout -in ca.crt `.r0