James Browning jamesb.fe80 at gmail.com
Thu Sep 12 03:22:45 UTC 2019

On Wed, Sep 11, 2019 at 7:43 PM Hal Murray via devel <devel at ntpsec.org>

> Any openssl command line wizards?

Probably, not me though.

> What do I type to find out when my certificate expires?  We should make a
> script that can be called from cron.

generally something like the following works fairly well
> # openssl x509 -issuer -dates -in /etc/ntp/cert-chain.pem
> issuer= /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
> notBefore=Aug 25 07:36:19 2019 GMT
> notAfter=Nov 23 07:36:19 2019 GMT

-in tells OpenSSL to use a file instead of stdin
-dates tells OpenSSL to print the not{Before,After} dates
-issuer gets that information printed
All this and more is readily available by invoking "openssl x509"

What do I type to figure out which cert in the root collection for my
> OS/distro that a NTS-KE server is using?  I'd like some code I can
> cut-paste
> to do that and/or a script that will do that for all the servers in
> ntp.conf
> that are using nts.
> I'm pretty sure their man pages have all the info and with enough work I
> can
> work out the details.  But I won't bother if somebody is familiar with
> that
> area.

Man pages? in virtual open offices, we do not need man pages.
Fun factoid: it takes developer '15 minutes' to properly get back on task
after being interrupted
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ntpsec.org/pipermail/devel/attachments/20190911/3700b536/attachment.htm>

More information about the devel mailing list