
OpenSSL certificate expiration date

Posted on 2011-03-10
Last Modified: 2012-05-11
Hello,
 I am trying to script SSL certificate creation for our internal testing environment. We have a large testing environment with close to 80 certificates. I am trying to set the certificates to expire at the maximum of 2037, as if they go into 2038 then OpenSSL fails to produce the certificates. I used -days, but you have to manually decrement the number to keep it from going into 2038. I need to figure out a way to have it automatically decrement the -days so the certificates will expire in 2037 no matter who runs the utility. Any help would be great.....
Question by:J1thatguy
15 Comments
 
LVL 40

Expert Comment

by:noci
ID: 35113473
openssl .... -days $( perl -e 'print sprintf("%d",((((2**31)-1)-(time))/86400))."\n"'  ) ....

Should help:
2**31 = 2147483648         (this is the maximum time in seconds represented in a signed longword).
                                        (and for a date in seconds since 1970 it is about 19 Jan 2038.)
If you subtract the current time in seconds since 1970 (time()) then you have the seconds left until 2038.
Then divide by 86400 (number of seconds in a day) and you have the days until that date.
(And truncate it to an integer using the sprintf, and print it to stdout for the shell...)

$(   ..... ) executes the command between the braces () and picks the stdout from that subshell and substitutes it at the command.


0
 
LVL 40

Expert Comment

by:noci
ID: 35113475
(Oh, if this is a number of days off you can always subtract a number of days. ;-)
0
 

Author Comment

by:J1thatguy
ID: 35114477
Yes, I need it to calculate the number of days to limit it to a cert that expires in 2037. Not sure how to convert that to days, but the command as it stands just opens a text file with "47" in it and the certificate utility stops there. I will keep trying to get it to work but any guidance would be great as I am not a programmer by any means. Thanks for the help so far, as I believe this is real close to solving the issue.
0
 

Author Comment

by:J1thatguy
ID: 35114480
sorry that pop up is unrelated.....
0
 
LVL 40

Accepted Solution

by:
noci earned 2000 total points
ID: 35115000
31 December 2037 = clocktick ~2145916799   (calculated constant)
now              = clocktick 1299915867    (output of the perl time function)
So time until then is 846000932 clockticks.

With 86400 clockticks per day that makes:
846000932 / 86400 =    9791.6774537037 days until 31 Dec 2037.

(or in whole numbers: 9791 days)...
  perl -e 'print sprintf("%d",((2145916799-time)/86400))."\n"'
or
  perl -e 'print int((2145916799-time)/86400)."\n"'

should give you the number 9791 on March 12th (GMT)...

$( ... ) is a bash shell expression to  include the output of some command into a commandline
If the line is multiple output then all lines are put after one another with a space in between:
compare the output of:
  ls -1
and
  echo $( ls -1 )
("ls -(one)" not "ls - (el)")
0
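The calculation from the accepted answer as a POSIX shell function with input checks, added here as an example and not part of the original thread. The function names `days_until_cutoff`, `expiry_epoch` and `sign_csr` are hypothetical, the CA file names are the ones quoted later in the thread, and `date +%s` is assumed to be available.

```shell
#!/bin/sh
# Added example, not code from the thread.
# Constant from the accepted answer: 2145916799 = 2037-12-31 23:59:59 UTC.
CUTOFF=2145916799

# days_until_cutoff [NOW_EPOCH]
# Prints the whole number of days between NOW_EPOCH (default: current time)
# and CUTOFF, rounded down so the expiry can never pass the cutoff.
days_until_cutoff() {
    now=${1:-$(date +%s)}
    case $now in
        ''|*[!0-9]*) echo "not an epoch value: $now" >&2; return 2 ;;
    esac
    remaining=$((CUTOFF - now))
    if [ "$remaining" -lt 86400 ]; then
        # openssl rejects a zero or negative -days value, so stop here
        echo "less than one day left before the cutoff" >&2
        return 1
    fi
    echo $((remaining / 86400))
}

# expiry_epoch NOW_EPOCH DAYS
# Prints the notAfter time (seconds since 1970) that "-days DAYS" produces
# when signing at NOW_EPOCH; used to confirm it stays inside 2037.
expiry_epoch() {
    echo $(($1 + $2 * 86400))
}

# sign_csr CSR_FILE CERT_FILE   (hypothetical wrapper)
# Signs a CSR with the computed validity. The CA key passphrase is prompted
# for instead of being passed on the command line.
sign_csr() {
    days=$(days_until_cutoff) || return
    openssl x509 -req -in "$1" -days "$days" \
        -CA CA_root_ca.2036.cert -CAkey CA_root_ca.key \
        -CAserial serial.txt -out "$2" -text
}
```

Because the function prints only digits and a single trailing newline, the value can be captured with `$( )` and passed to `-days` as one argument.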
 

Author Comment

by:J1thatguy
ID: 35115007
I get "bad number of days" using
-days $( perl -e 'print sprintf("%d",((((2**31)-1)-(time))/86400))."\n;"'  )

but if I run the command with perl at the command line it calculates the days correctly. So I must be missing something small now about getting perl to execute inside the batch file. Will start researching some more...
0
 

Author Comment

by:J1thatguy
ID: 35115064
If I run the command as is I get bad number of days. I don't think it is reading the output correctly as it works at the command line

openssl x509 -req -in c:\Certs\test\%%A-2037\%%A.csr -days $(c:\\bin\perl -e 'print sprintf("%d",((2145916799-time)/86400))."\n;"') -CA CA_root_ca.2036.cert -CAkey CA_root_ca.key -passin pass:#### -CAserial serial.txt -out c:\Certs\test\%%A-2037\%%A.cer -text

so close..
0
 

Author Closing Comment

by:J1thatguy
ID: 35115242
I still need to work out how to get it to work in my script but it does calculate the days correctly. Very impressed...
0
 
LVL 40

Expert Comment

by:noci
ID: 35115491
Are you using a Windows batch file? %%A seems to indicate that.
Then obviously $( ) will not work...
But if you use openssl then chances are that you use cygwin.
Bash is also the default shell for cygwin....
Otherwise you can think about installing cygwin. It's free & open source, and provides a unix environment within Windows. (openssl is part of that too, as well as ssh f.e.).
0
 

Author Comment

by:J1thatguy
ID: 35115495
Sorry just got the last part

ls -1 gives me the directory listing

echo $(ls -1) gives me $(ls-1)

0
 
LVL 40

Expert Comment

by:noci
ID: 35115537
And echo $( ls -1 ) should also give you a directory listing but all on one line.
0
 

Author Comment

by:J1thatguy
ID: 35115574
oddly it just prints the command $( ls -1 )

I am trying to set the perl output to a variable to get around this but also having a tough time getting it to work so far.
0
 

Author Comment

by:J1thatguy
ID: 35115665
Yes, it's Windows, and unfortunately I am creating this in an app for people to use, so having them all install bash will be difficult. I believe they downloaded openssl, as cygwin is not present on this system.
0
 
LVL 40

Expert Comment

by:noci
ID: 35132765
Now I am getting out of my league here..
Does this work?

FOR /F "usebackq" %X IN (` perl -e '...' `) do set days=%X

0
 

Author Comment

by:J1thatguy
ID: 35132886
Your calculation worked. I used it to set a variable and passed that to OpenSSL. I just had to remove the extra line it was creating in the file. Thank you for the help.
0
