On Sun, Oct 01, 2017 at 01:47:24PM +0000, Otcheretianski, Andrei wrote: > Looks that server/user certificates are expired so need to re-sign them. > Is there any script to regenerate this locally (I couldn't find how to do it)? Some of the certificates had scripts to generate them, but not all. I added some more now while updating the certificates that expired yesterday: https://w1.fi/cgit/hostap/commit/?id=0ba13e86132a1c6dd4bc304178f7328e1b73cf52 I've been wanting to get to a point where more or less all the certificates could be generated dynamically by start.sh. Some of the OCSP related items are already covered there, but that has been more or less optional for now to not require a specific openssl utility version to be available on the test system. I guess it is starting to be reasonable to expect all systems to have a suitably recent version, so it may reasonable to start mandating this and just get rid of these periodic certificate update needs altogether. Some of the private key generation cases take significant amount of CPU (potentially close to an hour for everything..), so those cannot be done from scratch every time testing is started, but the actual signing operations should be fast enough to do again every time (and likely even fast enough to do in each VM when running parallel testing so that this can be kept simpler). -- Jouni Malinen PGP id EFC895FA _______________________________________________ Hostap mailing list Hostap@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/hostap
