[Openswan Users] Certified Validity

Andy fs at globalnetit.com
Tue Aug 23 15:35:43 CEST 2005


If you create the certificate with openssl, you can specify the starting
date with the -startdate option.
Here's a trick I've used in shell scripts, it'll make the cert valid
from 1 day ago, enough to compensate for most timezone differences:

  SD=$(date -d yesterday -u +%y%m%d%H%M%SZ)
  openssl ca -in ${hostname}req.pem -out ${hostname}.pem -startdate $SD


BTW - the clock on your system is set for 3 days ago!

On Sat, 2005-08-20 at 13:10 -0500, Mauricio Perez wrote:
> Hello:
> I have a freswan VPN , and everytime i create a certified it says that's not
> going to be valid for about 8 hours,
> 
> 
> Data Base Updated
> Certificate:
>     Data:
>         Version: 3 (0x2)
>         Serial Number: 109 (0x6d)
>         Signature Algorithm: md5WithRSAEncryption
>         Issuer: C=xx, ST=xx, L=xx, O=xxxx, CN=Moda xx at xxx.com.co
>         Validity
>             Not Before: Aug 23 18:11:51 2005 GMT
>             Not After : Aug 21 18:11:51 2015 GMT
>         Subject: C=xx, ST=xx, L=xx, O=xxx, OU=xx, CN=xxx
>         Subject Public Key Info:
>             Public Key Algorithm: rsaEncryption
> 
> is there any way to make it valid the very moment i created it ???
> 
> 
> Mauricio Perez
> 
> _______________________________________________
> Users mailing list
> Users at openswan.org
> http://lists.openswan.org/mailman/listinfo/users
-- 
Andy <fs at globalnetit.com>



More information about the Users mailing list