A whole bunch of juniper routers just went down due to an expired certificate:
http://www.gossamer-threads.com/lists/nsp/juniper/50450 We set the cerowrt https certificates to expire in 2072. I plan on being safely dead by then... but... I worried that I might actually get uploaded instead... and still be around... so there's a cron job to create new ones every year. 1 3 2 1 * /etc/make-webcerts.sh # regen the web certs every year feb 1 at 3am It bugs me that the openssl syntax for generating certs is so arcane, and it bothers me more that there are people making bad certs out there for mission critical equipment. "We're sorry, your vw bug can't start due to an expired certificate... we're sorry, your nuclear reactor's coolant interfaces can't start due to an expired certificate." It kind of dwarfs the Y2038 problem in that it can happen anywhere, anytime. -- Dave Täht _______________________________________________ Cerowrt-devel mailing list [email protected] https://lists.bufferbloat.net/listinfo/cerowrt-devel
