Re: Wrong system clock vs X.509 date specifiers

2013-03-14 Thread David Woodhouse
On Tue, 2012-09-25 at 16:30 +0100, Alan Cox wrote: > On Tue, 25 Sep 2012 16:09:54 +0100 > David Howells wrote: > > > > > The X.509 certificate has a pair of times in it that delineate the valid > > period of the cert, and I'm checking that the system clock is within the > > bounds they define be

Re: Wrong system clock vs X.509 date specifiers

2012-09-25 Thread David Howells
How about the attached? I knew perl had to be good for something... David --- #!/usr/bin/perl -w # # Generate an X.509 certificate from a public key. # # Format: # # gen-x509-cert \ # [C=] [O=] [CN=] [Email=] \ # [--from=] [--to=output # use strict; use POSIX qw(strftime

Re: Wrong system clock vs X.509 date specifiers

2012-09-25 Thread Tomas Mraz
On Tue, 2012-09-25 at 18:31 +0100, David Howells wrote: > Tomas Mraz wrote: > > > You can use openssl ca that allows to set arbitrary start date to > > generate selfsigned certs as well (-selfsign option). > > That seems to require some stuff I don't have installed: > > warthog>openssl ca -in

Re: Wrong system clock vs X.509 date specifiers

2012-09-25 Thread David Howells
Tomas Mraz wrote: > You can use openssl ca that allows to set arbitrary start date to > generate selfsigned certs as well (-selfsign option). That seems to require some stuff I don't have installed: warthog>openssl ca -in signing_key.priv -extensions v3_ca -out newcert.pem Using configuration f

Re: Wrong system clock vs X.509 date specifiers

2012-09-25 Thread Tomas Mraz
On Tue, 2012-09-25 at 16:35 +0100, David Howells wrote: > Alan Cox wrote: > > > Generate a certificate that is valid from a few minutes before the > > wallclock time. It's a certificate policy question not a kernel hackery > > one. > > That doesn't seem to be possible with openssl req. What wo

Re: Wrong system clock vs X.509 date specifiers

2012-09-25 Thread Alan Cox
On Tue, 25 Sep 2012 16:35:20 +0100 David Howells wrote: > Alan Cox wrote: > > > Generate a certificate that is valid from a few minutes before the > > wallclock time. It's a certificate policy question not a kernel hackery > > one. > > That doesn't seem to be possible with openssl req. What w

Re: Wrong system clock vs X.509 date specifiers

2012-09-25 Thread Paolo Bonzini
On 25/09/2012 17:35, David Howells wrote: > Alan Cox wrote: > >> > Generate a certificate that is valid from a few minutes before the >> > wallclock time. It's a certificate policy question not a kernel hackery >> > one. > That doesn't seem to be possible with openssl req. What would you re

Re: Wrong system clock vs X.509 date specifiers

2012-09-25 Thread David Howells
Alan Cox wrote: > Generate a certificate that is valid from a few minutes before the > wallclock time. It's a certificate policy question not a kernel hackery > one. That doesn't seem to be possible with openssl req. What would you recommend? David

Re: Wrong system clock vs X.509 date specifiers

2012-09-25 Thread Alan Cox
On Tue, 25 Sep 2012 16:09:54 +0100 David Howells wrote: > > The X.509 certificate has a pair of times in it that delineate the valid > period of the cert, and I'm checking that the system clock is within the > bounds they define before permitting you to use the cert. I've been setting > the exp

Wrong system clock vs X.509 date specifiers

2012-09-25 Thread David Howells
The X.509 certificate has a pair of times in it that delineate the valid period of the cert, and I'm checking that the system clock is within the bounds they define before permitting you to use the cert. I've been setting the expiry date to be 100 years in the future - by which time hopefully I w