需求:驗證過期的證書在系統中不能使用。
問題:如何生成過期的證書呢?
解決方法:1.調整系統時間
2.生成證書
3.驗證證書startdate 和 enddate 是否符合你的預期
1.調整系統時間
1.Set date from the command line:
1 date +%Y%m%d -s "20120418"
2.Set time from the command line:
1 date +%T -s "11:14:00"
2. 生成證書
參考連接:https://www.digitalocean.com/community/tutorials/openssl-essentials-working-with-ssl-certificates-private-keys-and-csrs
Generate a Self-Signed Certificate
Use this method if you want to use HTTPS (HTTP over TLS) to secure your Apache HTTP or Nginx web server, and you do not require that your certificate is signed by a CA.
This command creates a 2048-bit private key (domain.key) and a self-signed certificate (domain.crt) from scratch:
1 openssl req \ 2 -newkey rsa:2048 -nodes -keyout domain.key \ 3 -x509 -days 365 -out domain.crt
Answer the CSR information prompt to complete the process.
The -x509 option tells req to create a self-signed cerificate. The -days 365 option specifies that the certificate will be valid for 365 days. A temporary CSR is generated to gather information to associate with the certificate.
生成證書以后,把 domain.key 和 domain.crt 的內容 復制到 cert.pem 中 上面為 private key,下面為 certificate 部分。
3.把系統時間調整到現在的時間。
4.查看證書的開始時間和過期時間是否如你的預期呢?
openssl x509 -startdate -noout -in key.pem
