<div dir="ltr"><div dir="ltr">On Wed, Sep 11, 2019 at 7:43 PM Hal Murray via devel <<a href="mailto:devel@ntpsec.org">devel@ntpsec.org</a>> wrote:<br></div><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><br>
Any openssl command line wizards?<br></blockquote><div><br></div><div>Probably, not me though.</div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">What do I type to find out when my certificate expires? We should make a <br>
script that can be called from cron.<br></blockquote><div><br></div><div>generally something like the following works fairly well</div><div>> # <span style="color:rgb(0,0,0);font-family:monospace">openssl x509 -issuer -dates -in /etc/ntp/cert-chain.pem</span></div><div><span style="font-family:monospace"><span style="color:rgb(0,0,0)">> issuer= /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3</span><br>> notBefore=Aug 25 07:36:19 2019 GMT
<br>> notAfter=Nov 23 07:36:19 2019 GMT
<br>> -----BEGIN CERTIFICATE-----<br></span></div><div><span style="font-family:monospace">:::snip:::</span></div><div><span style="font-family:monospace"><span style="color:rgb(0,0,0)">> -----END CERTIFICATE-----</span><br></span></div><div> </div><div>-in tells OpenSSL to use a file instead of stdin</div><div>-dates tells OpenSSL to print the not{Before,After} dates</div><div>-issuer gets that information printed</div><div>All this and more is readily available by invoking "openssl x509"</div><div><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
What do I type to figure out which cert in the root collection for my <br>
OS/distro that a NTS-KE server is using? I'd like some code I can cut-paste <br>
to do that and/or a script that will do that for all the servers in ntp.conf <br>
that are using nts.<br>
<br>
I'm pretty sure their man pages have all the info and with enough work I can <br>
work out the details. But I won't bother if somebody is familiar with that <br>
area.<br></blockquote><div><br></div><div>Man pages? in virtual open offices, we do not need man pages.</div><div>Fun factoid: it takes developer '15 minutes' to properly get back on task after being interrupted</div></div></div>