Hi,
I'm generating x509 certificates and I'd like to backdate the notBefore
field of the certificate an hour or so.
The reason is as follows: I'm generating self-signed certificates for a
virtual web hosting setup automatically as the account is setup. I setup a
new virtual domains on my testbed server using the automated scripts, and
within thirty seconds of the account setup I was making an SSL request. I
got the normal "we don't trust this CA warning" but I also got an "this
certificate is not yet valid or expired" error. You see, the clocks on my
machines were off by a bit.
So, I'd like to backdate the notBefore field a few hours (or even a day -
what the heck).
I tried something like:
openssl x509 -req -days 365 -in ssl.csr -signkey ssl.key -out ssl.crt \
-startdate "`date -u --date '1 hour ago' | sed 's/UTC/GMT/;'`"
But it didn't work.. It seems the startdate option only lets me get at the
startdate, not set it.
I'd like to request that this functionality be added into OpenSSL. And if
this is already doable, could you show me what I missed.
Thanks,
- David Harris
Principal Engineer, DRH Internet Services
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
