KB Article #179869

The MD5 sums in .md5 files do not appear to match the MD5 of the file

Problem

Starting with 7.5, the MD5 value in the .md5 files of your entity store configs does not appear to match the MD5 hash of the files themselves. For example:


C:\API\7.5.3\apigateway\conf\fed>type CertStore.md5
eb8f56255d03382b9bef43cdaf70d573
C:\API\7.5.3\apigateway\conf\fed>md5sum CertStore.xml
e29d83fd9570db7e27bea450d6da36b2 *CertStore.xml


Resolution

The content of each ".md5" file is the MD5 hash of the binary MD5 hash of the entity store file (i.e. a double, cascaded MD5 calculation). This value can be calculated with OpenSSL using the command in the example below:


C:\API\7.5.3\apigateway\conf\fed>type CertStore.md5
eb8f56255d03382b9bef43cdaf70d573
C:\API\7.5.3\apigateway\conf\fed>openssl dgst -binary -md5 CertStore.xml | openssl dgst -hex -md5 -r
eb8f56255d03382b9bef43cdaf70d573 *stdin


MD5 was replaced in later gateway versions with SHA256. Those signatures are simpler to validate as they do not have the same double hashing scheme that the MD5 signatures did. This means that you can validate the SHA256 hashes with any tool that can generate a SHA256 hash, e.g.: openssl dgst -hex -sha256 -r CertStore.xml
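
The same check in Python, covering both the double MD5 scheme and the later SHA256 scheme described above. This is an added example, not gateway code; choosing the scheme from the length of the recorded value and the sample file contents are assumptions of the example.

```python
import hashlib
import hmac
import os
import tempfile


def double_md5_hex(data: bytes) -> str:
    """MD5 of the raw 16-byte MD5 digest, as written to the .md5 files."""
    inner = hashlib.md5(data).digest()      # binary digest, not the hex string
    return hashlib.md5(inner).hexdigest()


def expected_digest(data: bytes, recorded: str) -> str:
    """Pick the scheme from the recorded value's length (assumption of this example)."""
    if len(recorded) == 32:                 # 128-bit value: double MD5 scheme
        return double_md5_hex(data)
    if len(recorded) == 64:                 # 256-bit value: plain SHA256
        return hashlib.sha256(data).hexdigest()
    raise ValueError("unrecognised digest length: %d" % len(recorded))


def verify_store(store_path: str, digest_path: str) -> bool:
    """Compare an entity store file against the digest recorded beside it."""
    with open(store_path, "rb") as f:
        data = f.read()
    with open(digest_path, "r", encoding="ascii") as f:
        # Tolerate a trailing newline or an md5sum-style " *name" suffix.
        recorded = (f.read().split() or [""])[0].lower()
    return hmac.compare_digest(expected_digest(data, recorded), recorded)


def demo() -> dict:
    """Constructed sample: a stand-in store file, not real gateway configuration."""
    sample = b"<entityStoreData>constructed sample</entityStoreData>\n"
    results = {}
    with tempfile.TemporaryDirectory() as d:
        store = os.path.join(d, "CertStore.xml")
        digest = os.path.join(d, "CertStore.md5")
        with open(store, "wb") as f:
            f.write(sample)
        with open(digest, "w", encoding="ascii") as f:
            f.write(double_md5_hex(sample) + "\n")
        results["untouched"] = verify_store(store, digest)
        with open(store, "ab") as f:        # simulate an out-of-band edit
            f.write(b"<!-- edited -->")
        results["modified"] = verify_store(store, digest)
    return results


if __name__ == "__main__":
    print(demo())
```

A mismatch from verify_store means the store file no longer corresponds to the recorded value, which is the condition to investigate when a configuration file has been edited outside the gateway tooling.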