Re: Wrong system clock vs X.509 date specifiers

2013-03-14 Thread David Woodhouse
On Tue, 2012-09-25 at 16:30 +0100, Alan Cox wrote: > On Tue, 25 Sep 2012 16:09:54 +0100 > David Howells wrote: > > > > > The X.509 certificate has a pair of times in it that delineate the valid > > period of the cert, and I'm checking that the system clock is within the > > bounds they define

Re: Wrong system clock vs X.509 date specifiers

2013-03-14 Thread David Woodhouse
On Tue, 2012-09-25 at 16:30 +0100, Alan Cox wrote: On Tue, 25 Sep 2012 16:09:54 +0100 David Howells dhowe...@redhat.com wrote: The X.509 certificate has a pair of times in it that delineate the valid period of the cert, and I'm checking that the system clock is within the bounds they

Re: Wrong system clock vs X.509 date specifiers

2012-09-25 Thread David Howells
How about the attached? I knew perl had to be good for something... David --- #!/usr/bin/perl -w # # Generate an X.509 certificate from a public key. # # Format: # # gen-x509-cert private-key \ # [C=country] [O=org] [CN=cn] [Email=email] \ # [--from=secs-before-now] [--to=output # use strict; use POSIX

Re: Wrong system clock vs X.509 date specifiers

2012-09-25 Thread Tomas Mraz
On Tue, 2012-09-25 at 18:31 +0100, David Howells wrote: > Tomas Mraz wrote: > > > You can use openssl ca that allows to set arbitrary start date to > > generate selfsigned certs as well (-selfsign option). > > That seems to require some stuff I don't have installed: > > warthog>openssl ca -in

Re: Wrong system clock vs X.509 date specifiers

2012-09-25 Thread David Howells
Tomas Mraz wrote: > You can use openssl ca that allows to set arbitrary start date to > generate selfsigned certs as well (-selfsign option). That seems to require some stuff I don't have installed: warthog>openssl ca -in signing_key.priv -extensions v3_ca -out newcert.pem Using configuration

Re: Wrong system clock vs X.509 date specifiers

2012-09-25 Thread Tomas Mraz
On Tue, 2012-09-25 at 16:35 +0100, David Howells wrote: > Alan Cox wrote: > > > Generate a certificate that is valid from a few minutes before the > > wallclock time. It's a certificate policy question not a kernel hackery > > one. > > That doesn't seem to be possible with openssl req. What

Re: Wrong system clock vs X.509 date specifiers

2012-09-25 Thread Alan Cox
On Tue, 25 Sep 2012 16:35:20 +0100 David Howells wrote: > Alan Cox wrote: > > > Generate a certificate that is valid from a few minutes before the > > wallclock time. It's a certificate policy question not a kernel hackery > > one. > > That doesn't seem to be possible with openssl req. What

Re: Wrong system clock vs X.509 date specifiers

2012-09-25 Thread Paolo Bonzini
On 25/09/2012 17:35, David Howells wrote: > Alan Cox wrote: > >> > Generate a certificate that is valid from a few minutes before the >> > wallclock time. It's a certificate policy question not a kernel hackery >> > one. > That doesn't seem to be possible with openssl req. What would you

Re: Wrong system clock vs X.509 date specifiers

2012-09-25 Thread David Howells
Alan Cox wrote: > Generate a certificate that is valid from a few minutes before the > wallclock time. It's a certificate policy question not a kernel hackery > one. That doesn't seem to be possible with openssl req. What would you recommend? David

Re: Wrong system clock vs X.509 date specifiers

2012-09-25 Thread Alan Cox
On Tue, 25 Sep 2012 16:09:54 +0100 David Howells wrote: > > The X.509 certificate has a pair of times in it that delineate the valid > period of the cert, and I'm checking that the system clock is within the > bounds they define before permitting you to use the cert. I've been setting > the

Wrong system clock vs X.509 date specifiers

2012-09-25 Thread David Howells
The X.509 certificate has a pair of times in it that delineate the valid period of the cert, and I'm checking that the system clock is within the bounds they define before permitting you to use the cert. I've been setting the expiry date to be 100 years in the future - by which time hopefully I

Re: Wrong system clock vs X.509 date specifiers

2012-09-25 Thread Alan Cox
On Tue, 25 Sep 2012 16:09:54 +0100 David Howells dhowe...@redhat.com wrote: The X.509 certificate has a pair of times in it that delineate the valid period of the cert, and I'm checking that the system clock is within the bounds they define before permitting you to use the cert. I've been

Re: Wrong system clock vs X.509 date specifiers

2012-09-25 Thread David Howells
Alan Cox a...@lxorguk.ukuu.org.uk wrote: Generate a certificate that is valid from a few minutes before the wallclock time. It's a certificate policy question not a kernel hackery one. That doesn't seem to be possible with openssl req. What would you recommend? David

Re: Wrong system clock vs X.509 date specifiers

2012-09-25 Thread Paolo Bonzini
On 25/09/2012 17:35, David Howells wrote: Alan Cox a...@lxorguk.ukuu.org.uk wrote: Generate a certificate that is valid from a few minutes before the wallclock time. It's a certificate policy question not a kernel hackery one. That doesn't seem to be possible with openssl req. What

Re: Wrong system clock vs X.509 date specifiers

2012-09-25 Thread Alan Cox
On Tue, 25 Sep 2012 16:35:20 +0100 David Howells dhowe...@redhat.com wrote: Alan Cox a...@lxorguk.ukuu.org.uk wrote: Generate a certificate that is valid from a few minutes before the wallclock time. It's a certificate policy question not a kernel hackery one. That doesn't seem to be

Re: Wrong system clock vs X.509 date specifiers

2012-09-25 Thread Tomas Mraz
On Tue, 2012-09-25 at 16:35 +0100, David Howells wrote: Alan Cox a...@lxorguk.ukuu.org.uk wrote: Generate a certificate that is valid from a few minutes before the wallclock time. It's a certificate policy question not a kernel hackery one. That doesn't seem to be possible with

Re: Wrong system clock vs X.509 date specifiers

2012-09-25 Thread David Howells
Tomas Mraz tm...@redhat.com wrote: You can use openssl ca that allows to set arbitrary start date to generate selfsigned certs as well (-selfsign option). That seems to require some stuff I don't have installed: warthog>openssl ca -in signing_key.priv -extensions v3_ca -out newcert.pem Using

Re: Wrong system clock vs X.509 date specifiers

2012-09-25 Thread Tomas Mraz
On Tue, 2012-09-25 at 18:31 +0100, David Howells wrote: Tomas Mraz tm...@redhat.com wrote: You can use openssl ca that allows to set arbitrary start date to generate selfsigned certs as well (-selfsign option). That seems to require some stuff I don't have installed: warthog>openssl

Re: Wrong system clock vs X.509 date specifiers

2012-09-25 Thread David Howells
How about the attached? I knew perl had to be good for something... David --- #!/usr/bin/perl -w # # Generate an X.509 certificate from a public key. # # Format: # # gen-x509-cert private-key \ # [C=country] [O=org] [CN=cn] [Email=email] \ # [--from=secs-before-now]