March 11, 2014 in answer
Practical: It is theoretically possible that two different certificates could be hashed to the same value. In this case, use the extension to be able to keep both certificates around. As long as there’s only one certificate using that hash, the extension doesn’t matter and you can choose whatever digit you like. (I don’t believe I’ve ever seen anyone use anything other than a 0, but there’s no rule against it.)
Conceptual: The hash is based on the certificate subject name. The purpose of using it instead of the filename is that when the program (in this case, apache) needs to find a cert, it can ask for the hash of the certificate subject name instead of having to keep an internal table of which file contains which certificate subject name.
man x509 and looking for hash will give you a little more information, but not much.
(Also, you don’t actually need to have symlinks – you could also just name the certificate file by its hash name. But having symlinks to “subjectname.pem” will of course make it easier for us humans to figure out which cert is which.)
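How the hash-named links and their numeric extension fit together, as an added shell example that is not part of the original answer. The function names and the directory layout are assumptions; the hash itself comes from `openssl x509 -subject_hash`.

```shell
#!/bin/sh
# Added example: hash-named links in an OpenSSL-style certificate directory.
# Function names and paths are assumptions made for illustration.

# Print the subject-name hash of a PEM certificate (8 hex digits).
subject_hash() {
    openssl x509 -noout -subject_hash -in "$1"
}

# Print the first unused link name HASH.N in directory $1 for hash $2.
# If HASH.N already points at file name $3, print that name instead, so
# re-running does not create a second link for the same certificate.
next_link_name() {
    dir=$1 hash=$2 target=$3 n=0
    while [ -e "$dir/$hash.$n" ] || [ -L "$dir/$hash.$n" ]; do
        if [ "$(readlink "$dir/$hash.$n")" = "$target" ]; then
            break
        fi
        n=$((n + 1))   # same hash, different certificate: try the next digit
    done
    printf '%s.%s\n' "$hash" "$n"
}

# Link certificate $2 (a file inside directory $1) under its hash name
# and print the link name that was used.
link_cert() {
    dir=$1 cert=$2
    hash=$(subject_hash "$dir/$cert") || return 1
    name=$(next_link_name "$dir" "$hash" "$cert")
    ln -sf "$cert" "$dir/$name"
    printf '%s\n' "$name"
}

# Usage: link_cert /path/to/certdir subjectname.pem
```

Two certificates whose subject names hash to the same value end up as HASH.0 and HASH.1, and both stay available in the directory.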