Re: Server and user certificates are expired

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Sun, Oct 01, 2017 at 01:47:24PM +0000, Otcheretianski, Andrei wrote:
> Looks that server/user certificates are expired so need to re-sign them.
> Is there any script to regenerate this locally (I couldn't find how to do it)?

Some of the certificates had scripts to generate them, but not all. I
added some more now while updating the certificates that expired
yesterday:
https://w1.fi/cgit/hostap/commit/?id=0ba13e86132a1c6dd4bc304178f7328e1b73cf52

I've been wanting to get to a point where more or less all the
certificates could be generated dynamically by start.sh. Some of the
OCSP related items are already covered there, but that has been more or
less optional for now to not require a specific openssl utility version
to be available on the test system. I guess it is starting to be
reasonable to expect all systems to have a suitably recent version, so
it may reasonable to start mandating this and just get rid of these
periodic certificate update needs altogether.

Some of the private key generation cases take significant amount of CPU
(potentially close to an hour for everything..), so those cannot be done
from scratch every time testing is started, but the actual signing
operations should be fast enough to do again every time (and likely
even fast enough to do in each VM when running parallel testing so that
this can be kept simpler).

-- 
Jouni Malinen                                            PGP id EFC895FA

_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap



[Index of Archives]     [Linux Wireless]     [Linux Kernel]     [ATH6KL]     [Linux Bluetooth]     [Linux Netdev]     [Kernel Newbies]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Samba]     [Device Mapper]

  Powered by Linux