|
|
Hi Konrad Karl wrote: > Hi all, > > I would very much like to have an option to be able to completely > disable the time checking on all certificates used by openvpn. The checking is done by openssl and disabling it, even if it was possible at all, does not make sense. > > Every now and then I have to work around some machines with > incorrect clock settings - for now I set the time back for > a couple of years on the easy-rsa machine (using libfaketime-0.4.tar.gz > on linux) but would like to avoid that kludge. The kludge is the incorrect clock setting. > > Is there an option to specify the certificate start date/time > to openssl? Yes OpenSSL> ca -? unknown option -? usage: ca args -verbose - Talk alot while doing things -config file - A config file -name arg - The particular CA definition to use -gencrl - Generate a new CRL -crldays days - Days is when the next CRL is due -crlhours hours - Hours is when the next CRL is due -startdate YYMMDDHHMMSSZ - certificate validity notBefore -enddate YYMMDDHHMMSSZ - certificate validity notAfter (overrides -days) cheers Erich ______________________ OpenVPN mailing lists https://lists.sourceforge.net/lists/listinfo/openvpn-users |