Re: Wrong system clock vs X.509 date specifiers

2013-03-14 Thread David Woodhouse
On Tue, 2012-09-25 at 16:30 +0100, Alan Cox wrote: > On Tue, 25 Sep 2012 16:09:54 +0100 > David Howells wrote: > > > > > The X.509 certificate has a pair of times in it that delineate the valid > > period of the cert, and I'm checking that the system clock is within the > > bounds they define be

Re: Wrong system clock vs X.509 date specifiers

2012-09-25 Thread David Howells
How about the attached? I knew perl had to be good for something... David --- #!/usr/bin/perl -w # # Generate an X.509 certificate from a public key. # # Format: # # gen-x509-cert \ # [C=] [O=] [CN=] [Email=] \ # [--from=] [--to=output # use strict; use POSIX qw(strftime

Re: Wrong system clock vs X.509 date specifiers

2012-09-25 Thread Tomas Mraz
On Tue, 2012-09-25 at 18:31 +0100, David Howells wrote: > Tomas Mraz wrote: > > > You can use openssl ca that allows to set arbitrary start date to > > generate selfsigned certs as well (-selfsign option). > > That seems to require some stuff I don't have installed: > > warthog>openssl ca -in

Re: Wrong system clock vs X.509 date specifiers

2012-09-25 Thread David Howells
Tomas Mraz wrote: > You can use openssl ca that allows to set arbitrary start date to > generate selfsigned certs as well (-selfsign option). That seems to require some stuff I don't have installed: warthog>openssl ca -in signing_key.priv -extensions v3_ca -out newcert.pem Using configuration f

Re: Wrong system clock vs X.509 date specifiers

2012-09-25 Thread Tomas Mraz
On Tue, 2012-09-25 at 16:35 +0100, David Howells wrote: > Alan Cox wrote: > > > Generate a certificate that is valid from a few minutes before the > > wallclock time. It's a certificate policy question not a kernel hackery > > one. > > That doesn't seem to be possible with openssl req. What wo

Re: Wrong system clock vs X.509 date specifiers

2012-09-25 Thread Alan Cox
On Tue, 25 Sep 2012 16:35:20 +0100 David Howells wrote: > Alan Cox wrote: > > > Generate a certificate that is valid from a few minutes before the > > wallclock time. It's a certificate policy question not a kernel hackery > > one. > > That doesn't seem to be possible with openssl req. What w

Re: Wrong system clock vs X.509 date specifiers

2012-09-25 Thread Paolo Bonzini
On 25/09/2012 17:35, David Howells wrote: > Alan Cox wrote: > >> > Generate a certificate that is valid from a few minutes before the >> > wallclock time. It's a certificate policy question not a kernel hackery >> > one. > That doesn't seem to be possible with openssl req. What would you re

Re: Wrong system clock vs X.509 date specifiers

2012-09-25 Thread David Howells
Alan Cox wrote: > Generate a certificate that is valid from a few minutes before the > wallclock time. It's a certificate policy question not a kernel hackery > one. That doesn't seem to be possible with openssl req. What would you recommend? David

Re: Wrong system clock vs X.509 date specifiers

2012-09-25 Thread Alan Cox
On Tue, 25 Sep 2012 16:09:54 +0100 David Howells wrote: > > The X.509 certificate has a pair of times in it that delineate the valid > period of the cert, and I'm checking that the system clock is within the > bounds they define before permitting you to use the cert. I've been setting > the exp