Idézem/Quoting Werner Flamme <[email protected]>:
Am 10.12.2020 um 12:53 schrieb Phil Townes:This issue was highlighted on a number of IT news pages and blogs in the week or two prior to the issuing CA expiring. A decent CA should also have made contact with their customers. We were also bitten by this issue as well, so I now have a shell script which checks all certificates in a chain for impending expiry. I'm happy to share if that would help anyone.Sorry, I still don't get it. How can a certificate in the chain expire before the "last" certificate (for the server) expires? That means that a CA signs customer certificates for a longer period than their own certificate is valid. Can this happen? I never saw this with mine. Their validity was shortened due to the limited validity of the CA's certificate.
It is called cross-signing :) Google it! e.g. https://scotthelme.co.uk/content/images/2019/04/image-3.png SZÉPE Viktor, webes alkalmazás üzemeltetés / Running your application https://github.com/szepeviktor/debian-server-tools/blob/master/CV.md ~~~ ügyelet 🌶️ hotline: +36-20-4242498 [email protected] skype: szepe.viktor Budapest, III. kerület
smime.p7s
Description: S/MIME Signature
