How to generate expired certificates with OpenSSL within a Linux system

Source: Internet
Author: User
Tags openssl x509 set time

Requirements: Verify that expired certificates are not available in the system.

Question: How do I generate an expired certificate?

Workaround: 1. Adjust the system time

2. Generate a Certificate

3. Verify that the certificates StartDate and EndDate meet your expectations

1. Adjust the system time

1.Set date from the command line:

 1date"20120418" 

2.Set time from the command line:

 1date"11:14:00" 

2. Generate a Certificate

Reference connection: https://www.digitalocean.com/community/tutorials/ Openssl-essentials-working-with-ssl-certificates-private-keys-and-csrs

Generate a self-signed Certificate

Use the If you want to use HTTPS (HTTP-over-TLS) to secure your Apache HTTP or Nginx Web server, and don't re Quire that your certificate are signed by a CA.

This command creates a 2048-bit private key ( domain.key ) and a self-signed certificate ( domain.crt ) from scratch:

12        -newkey RSA:2048 -nodes-3        365 -out Domain.crt

Answer The CSR information prompt to complete the process.

The -x509 option tells to req create a self-signed cerificate. The -days 365 option specifies that the certificate is valid for 365 days. A temporary CSR is generated to gather information to associate with the certificate.

After the certificate is generated, copy the contents of Domain.key and DOMAIN.CRT to CERT.PEM with the private key and the certificate section below.

3. Adjust the system time to the present time.

4. Do you want to see the certificate start and expiration times as you expect?

OpenSSL x509-startdate-noout- in Key.pem

How to generate expired certificates with OpenSSL within a Linux system

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.