AW: expired ssl certificate

The expiration time is checked by the client. If you want to turn checking off, you have to modify the client. But this is what you wanted to avoid. So the best thing you can do right now is to create a new certificate, this time with a long expiration time, e.g. 100 years. Matthias

Re: expired ssl certificate

). Hence, server cert renew or reky is transparent to client. Erwin -- From: Dinh, Thao V CIV NSWCDD, K72 thao.d...@navy.mil Sent: Thursday, April 12, 2012 7:56 AM To: openssl-users@openssl.org Subject: RE: expired ssl certificate Thank You very

Re: expired ssl certificate

On Thu, Apr 12, 2012, Ashok C wrote: Hi, I had almost the same requirement and eventually achieved it by patching my openssl package's x509_verify code to do the check_cert_time() method optionally depending on some conditions. Ideally I feel openSSL should provide a validation flag like

RE: expired ssl certificate

: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Erwin Himawan Sent: Wednesday, April 11, 2012 2:57 PM To: openssl-users@openssl.org Subject: Re: expired ssl certificate Reading Nou's proposal, I have the impression that the client needs to be modified

Re: expired ssl certificate

On Thu, Apr 12, 2012, Dinh, Thao V CIV NSWCDD, K72 wrote: Thank You very, very much for all for help. I have a couple more questions: 1) what is max time you can have on expiration ?? Technically the 31st December but you have to consider the security strength of the key used and how

RE: expired ssl certificate

Thao Dinh -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Nou Dadoun Sent: Tuesday, April 10, 2012 3:15 PM To: openssl-users@openssl.org Subject: RE: expired ssl certificate You can use a verification callback to look

RE: expired ssl certificate

??? Thank You Thao Dinh -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Nou Dadoun Sent: Tuesday, April 10, 2012 3:15 PM To: openssl-users@openssl.org Subject: RE: expired ssl certificate You can use a verification callback

Re: expired ssl certificate

Subject: RE: expired ssl certificate Hi Nou Please help me understand more about this subject ( I am new to Openssl) 1. What happen if the peer presents an expired certificate and we do not implement callback using SSL_CTX_set_verify with SSL_VERIFY_PEER flag set, will the SSL_connect

Re: expired ssl certificate

, Thao V CIV NSWCDD, K72 Sent: April 11, 2012 4:19 AM To: openssl-users@openssl.org Subject: RE: expired ssl certificate Hi Nou Please help me understand more about this subject ( I am new to Openssl) 1. What happen if the peer presents an expired certificate and we do not implement callback

expired ssl certificate

Hi, I have a server application and the client uses https to connect to the server. For this I had created an openssl self signed certificate cacert.pem which has been distributed to all the client applications. Now unfortunately the certificate has expired. I can create a new

RE: expired ssl certificate

To: openssl-...@openssl.org; openssl-users@openssl.org Subject: expired ssl certificate Hi, I have a server application and the client uses https to connect to the server. For this I had created an openssl self signed certificate cacert.pem which has been distributed to all the client