Why would different versions of OpenSSL produce different hashed filenames for the same root cert?

OpenSSL - Solaris - Windows

When I run c_rehash (OpenSSL 0.9.x in Solaris) and c_rehash (OpenSSL 1.1.x in Windows), the same exact cert.pem file gets converted to a .0 file with a completely different filename.

(Windows) cert.pem => 4e12356.0

(Solaris) cert.pem => 3e121e8.0

Why is this? Shouldn't the hash be the exact same regardless of which version of OpenSSL I'm using?


The hash used for these names changed when moving to OpenSSL 1.0. You can revert to the old behaviour using -subject_hash_old. See the documentation:

-hash

synonym for "-subject_hash" for backward compatibility reasons.

-subject_hash_old

outputs the "hash" of the certificate subject name using the older algorithm as used by OpenSSL versions before 1.0.0.

There's more background information in this message. Essentially, the hash algorithm changed from MD5 to SHA-1.
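The following is an added example, not part of the original question or answer: it links one certificate under both hash names, so that a single CA directory can be read by OpenSSL 0.9.x and 1.x clients alike. The helper names `make_demo_cert` and `link_both_hashes` are hypothetical, and the script assumes an `openssl` binary of version 1.0.0 or later on the PATH and a certificate file that already sits inside the target directory.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# Create a throwaway self-signed certificate "$1/$2" (constructed sample
# input for trying the function below; not a real root certificate).
make_demo_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed Demo Root CA" \
        -keyout "$1/$2.key" -out "$1/$2" 2>/dev/null
}

# link_both_hashes DIR NAME
# Symlink DIR/NAME as <hash>.N twice: once with the current subject hash
# (-subject_hash) and once with the pre-1.0.0 one (-subject_hash_old).
# Prints the two link names, new-style first.
link_both_hashes() {
    dir=$1
    name=$2
    for opt in -subject_hash -subject_hash_old; do
        h=$(openssl x509 -noout "$opt" -in "$dir/$name") || return 1
        n=0
        # Different certificates can share a subject hash; they are told
        # apart by the numeric suffix (.0, .1, ...). Skip suffixes that are
        # taken by some other certificate, reuse one that is already ours.
        while [ -e "$dir/$h.$n" ] && ! cmp -s "$dir/$name" "$dir/$h.$n"; do
            n=$((n + 1))
        done
        ln -sf "$name" "$dir/$h.$n"
        echo "$h.$n"
    done
}

# Usage:
#   make_demo_cert /tmp/certs cert.pem
#   link_both_hashes /tmp/certs cert.pem
```

On a platform without symlinks, copying the file to each name instead of linking it gives the same lookup behaviour.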