The expiration time is checked by the client. If you want to turn checking off,
you have to modify the client. But this is what you wanted to avoid.
So the best thing you can do right now is to create a new certificate, this
time with a long expiration time, e.g. 100 years.
Matthias
__
).
Hence, server cert renew or reky is transparent to client.
Erwin
--
From: "Dinh, Thao V CIV NSWCDD, K72"
Sent: Thursday, April 12, 2012 7:56 AM
To:
Subject: RE: expired ssl certificate
Thank You very, very much for all for help. I hav
On Thu, Apr 12, 2012, Dinh, Thao V CIV NSWCDD, K72 wrote:
> Thank You very, very much for all for help. I have a couple more questions:
>
> 1) what is max time you can have on expiration ??
>
Technically the 31st December but you have to consider the security
strength of the key used and h
-Original Message-
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org]
On Behalf Of Erwin Himawan
Sent: Wednesday, April 11, 2012 2:57 PM
To: openssl-users@openssl.org
Subject: Re: expired ssl certificate
Reading Nou's proposal, I have the impression that the
On Thu, Apr 12, 2012, Ashok C wrote:
> Hi,
>
> I had almost the same requirement and eventually achieved it by patching my
> openssl package's x509_verify code to do the check_cert_time() method
> optionally depending on some conditions. Ideally I feel openSSL should
> provide a validation flag l
changing anything. If it's not ok and you look at the
>> cert and it's expired but you don't care, return 1 and it will be accepted.
>> Look at the examples in the pdf for some examples.
>> As I said earlier, standard warnings apply - you're overruling standard
>> sec
> ---
> Nou Dadoun
> ndad...@teradici.com
> 604-628-1215
>
>
> -Original Message-
> From: owner-openssl-us...@openssl.org [mailto:
> owner-openssl-us...@openssl.org] On Behalf Of Dinh, Thao V CIV NSWCDD, K72
> Sent: April 11, 2012 4:19 AM
> To: opens
Thao V CIV NSWCDD, K72
Sent: April 11, 2012 4:19 AM
To: openssl-users@openssl.org
Subject: RE: expired ssl certificate
Hi Nou
Please help me understand more about this subject ( I am new to Openssl)
1. What happen if the peer presents an expired certificate and we do not
implement callback usi
Thank You
Thao Dinh
-Original Message-
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org]
On Behalf Of Nou Dadoun
Sent: Tuesday, April 10, 2012 3:15 PM
To: openssl-users@openssl.org
Subject: RE: expired ssl certificate
You can use a verification callback to l
04 AM
To: openssl-...@openssl.org; openssl-users@openssl.org
Subject: expired ssl certificate
Hi,
I have a server application and the client uses https to connect
to the server. For this I had created an openssl self signed certificate
cacert.pem which has been distributed to all the c
Hi,
I have a server application and the client uses https to connect
to the server. For this I had created an openssl self signed certificate
cacert.pem which has been distributed to all the client applications.
Now unfortunately the certificate has expired. I can create a new
certificat
11 matches
Mail list logo