Menu
▾
▴
Re: [Openvpn-users] expiry date CA
|
From: Joe P. <j.m...@gm...> - 2014-01-31 14:32:56
|
Just as a note, I don't remember how openvpn considers it, but some systems consider a certificate invalid if its issuer cert has expired, even if the certificate itself has not. It may be that's not the case for openvpn/openssl, but I remember getting bitten by that once some years ago, and figure it's best to at least keep it in mind. -Joe On Fri, Jan 31, 2014 at 9:02 AM, Bonno Bloksma <b.b...@ti...> wrote: > Hi, > > >> I want to find out when my CA expires, how do I do that. I cannot see > >> any readable info by just looking at the ca.key or the ca.crt Which > command will let me see that info? > >> Which command will let me see when the client certs expire? > > > > openssl x509 -subject -dates -noout -in ca.crt > [..] > notBefore=May 16 06:04:32 2008 GMT > notAfter=May 14 06:04:32 2018 GMT > > Ok, I've got a few years left. ;-) > > > openssl x509 -subject -dates -noout -in client-cert.crt > > And these are even later of course. > > Thanks > > Bonno Bloksma > > > > ------------------------------------------------------------------------------ > WatchGuard Dimension instantly turns raw network data into actionable > security intelligence. It gives you real-time visual feedback on key > security issues and trends. Skip the complicated setup - simply import > a virtual appliance and go from zero to informed in seconds. > > http://pubads.g.doubleclick.net/gampad/clk?id=123612991&iu=/4140/ostg.clktrk > _______________________________________________ > Openvpn-users mailing list > Ope...@li... > https://lists.sourceforge.net/lists/listinfo/openvpn-users > |
