Custom lastUpdate in CRL

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 09/09/2016 12:11, Rishi Pathak wrote:
> Hi,
>        For a reason we require lastUpdate to be set to a date in the 
> previous year, with
> nextUpdate a year from now in our CRL. Search on google led me to a 
> patch which
> allows use of startDate/endDate for CRL generation as well apart from 
> certificates.
> Seems like 1.0-1 does not have it. Any pointers to how I can achieve 
> this using
> OpenSSL(version) or another utility, preferably on Linux.
>
For such tasks, I currently use the faketime utility program
to run the openssl command line tool in a context with the
data artificially set to the desired time in the past.

I have previously suggested that an "as of" time argument
be added to certificate and signature validation operations,
and your use case suggests the same for issuance and signing
operations as well.

In fact, it seems the general solution (in future OpenSSL
updates) would be for all operations that use the "current
time/date" to accept an alternative value of that as an
argument.

Enjoy

Jakob
-- 
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 S?borg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded



[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux