Add ntpcert-sweep was "What next?"

James Browning jamesb192 at jamesb192.com
Mon Jun 17 20:51:06 UTC 2024


I've created a handy script, "ntpcert-sweep.py," which can display the complete TLS certificate chain from a certificate PEM file or an NTS server to a root certificate file on the host machine. The timestamps are probably GMT, the hexstrings are X509v3 Subject and Authority Key Identifiers. After including some feedback for enhancements, we should include it on the git tree.

```console
$ python ntpclients/ntpcert-sweep.py -H dell-2018.jamesb192.com >stdout 2>stderr
==> stderr <==
until 2024-08-23T00:30:10: 7fea94c7d207e5fe8a4fe044aae34aca63b5a091 -> 142eb317b75856cbae500940e61faf9d8b14c2c6
until 2025-09-15T16:00:00: 142eb317b75856cbae500940e61faf9d8b14c2c6 -> 79b459e67bb6e5e40173800888c81a58f6e99b6e
until 2035-06-04T11:04:38: 79b459e67bb6e5e40173800888c81a58f6e99b6e -> 
until 2035-06-04T11:04:38: 79b459e67bb6e5e40173800888c81a58f6e99b6e ->
==> stdout <==
Potential root CA /etc/ssl/certs/ISRG_Root_X1.pem
Potential root CA /etc/ssl/certs/4042bcee.0
```
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ntpcert-sweep.py
Type: text/x-python
Size: 6344 bytes
Desc: not available
URL: <https://lists.ntpsec.org/pipermail/devel/attachments/20240617/29bb716d/attachment.py>


More information about the devel mailing list