How to generate expired certificates with OpenSSL within a Linux system

Requirements: Verify that expired certificates are not available in the system.

Question: How do I generate an expired certificate?

Workaround: 1. Adjust the system time

2. Generate a Certificate

3. Verify that the certificates StartDate and EndDate meet your expectations

1. Adjust the system time

1.Set date from the command line:

 1date"20120418" 

2.Set time from the command line:

 1date"11:14:00" 

2. Generate a Certificate

Reference connection: https://www.digitalocean.com/community/tutorials/ Openssl-essentials-working-with-ssl-certificates-private-keys-and-csrs

Generate a self-signed Certificate

Use the If you want to use HTTPS (HTTP-over-TLS) to secure your Apache HTTP or Nginx Web server, and don't re Quire that your certificate are signed by a CA.

This command creates a 2048-bit private key ( domain.key ) and a self-signed certificate ( domain.crt ) from scratch:

12        -newkey RSA:2048 -nodes-3        365 -out Domain.crt

Answer The CSR information prompt to complete the process.

The -x509 option tells to req create a self-signed cerificate. The -days 365 option specifies that the certificate is valid for 365 days. A temporary CSR is generated to gather information to associate with the certificate.

After the certificate is generated, copy the contents of Domain.key and DOMAIN.CRT to CERT.PEM with the private key and the certificate section below.

3. Adjust the system time to the present time.

4. Do you want to see the certificate start and expiration times as you expect?

OpenSSL x509-startdate-noout- in Key.pem

How to generate expired certificates with OpenSSL within a Linux system