Certificates

James Browning jamesb.fe80 at gmail.com
Thu Sep 12 03:22:45 UTC 2019


On Wed, Sep 11, 2019 at 7:43 PM Hal Murray via devel <devel at ntpsec.org>
wrote:

>
> Any openssl command line wizards?
>

Probably, not me though.


> What do I type to find out when my certificate expires?  We should make a
> script that can be called from cron.
>

Generally, something like the following works fairly well:
> # openssl x509 -issuer -dates -in /etc/ntp/cert-chain.pem
> issuer= /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
> notBefore=Aug 25 07:36:19 2019 GMT
> notAfter=Nov 23 07:36:19 2019 GMT
> -----BEGIN CERTIFICATE-----
:::snip:::
> -----END CERTIFICATE-----

-in tells OpenSSL to use a file instead of stdin
-dates tells OpenSSL to print the not{Before,After} dates
-issuer gets that information printed
All this and more is readily available by invoking "openssl x509"

> What do I type to figure out which cert in the root collection for my
> OS/distro that a NTS-KE server is using?  I'd like some code I can cut-paste
> to do that and/or a script that will do that for all the servers in ntp.conf
> that are using nts.
>
> I'm pretty sure their man pages have all the info and with enough work I can
> work out the details.  But I won't bother if somebody is familiar with that
> area.
>

Man pages? In virtual open offices, we do not need man pages.
Fun factoid: it takes a developer '15 minutes' to properly get back on task
after being interrupted
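
One way to turn the "openssl x509 -dates" output quoted above into the cron check asked about in this thread. This is an added example, not part of the original message or NTPsec code; the function names, the 14-day warning threshold and the exit codes are assumptions chosen for illustration.

```python
#!/usr/bin/env python3
"""Cron-friendly certificate expiry check built on `openssl x509 -enddate`."""
import ssl
import subprocess
import sys
import time

# Sample input: the -dates lines quoted in the message above.
SAMPLE = "notBefore=Aug 25 07:36:19 2019 GMT\nnotAfter=Nov 23 07:36:19 2019 GMT\n"


def not_after_epoch(openssl_output):
    """Return notAfter as a Unix timestamp from -dates/-enddate output."""
    for line in openssl_output.splitlines():
        if line.startswith("notAfter="):
            # Parses OpenSSL's "Mon DD HH:MM:SS YYYY GMT" form as UTC.
            return ssl.cert_time_to_seconds(line.split("=", 1)[1].strip())
    raise ValueError("no notAfter= line in openssl output")


def days_left(openssl_output, now):
    """Whole days until expiry, rounded down (negative once expired)."""
    return int((not_after_epoch(openssl_output) - now) // 86400)


def status(days, warn_days=14):
    """Map remaining days to an exit code: 0 ok, 1 expiring soon, 2 expired."""
    if days < 0:
        return 2
    return 1 if days < warn_days else 0


def check_file(path, warn_days=14):
    """Run openssl on path; in a chain file only the first cert is read."""
    out = subprocess.run(
        ["openssl", "x509", "-noout", "-enddate", "-in", path],
        check=True, capture_output=True, text=True,
    ).stdout
    days = days_left(out, time.time())
    code = status(days, warn_days)
    if code:  # stay silent when healthy so cron only mails on trouble
        print(f"{path}: {days} day(s) until notAfter", file=sys.stderr)
    return code


if __name__ == "__main__":
    warn = int(sys.argv[2]) if len(sys.argv) > 2 else 14
    sys.exit(check_file(sys.argv[1], warn))
```

Run it from cron with the certificate path as the first argument and an optional warning window in days as the second; a non-zero exit and a line on stderr mean the certificate needs attention.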