[Cialug] TLS Cert validity?
Nathan C. Smith
nathan.smith at ipmvs.com
Thu Feb 3 13:08:46 CST 2011
TLS does not care if the cert has expired. It will probably alert you to the fact, though, if it is an interactive process (browser).
Public-facing items are usually run with certs signed by certification authorities, but you can save some money (and cause confusion) through self-signing.
Almost any certification authority will walk you through the steps. The product may have a guide, or you may need to use the cert request functions of your favorite Linux distro to create a certificate request. I think I have some embedded hardware that has no provision for creating or installing a cert.
There are a lot of cheap certificates available, but not all the cheap ones are recognized by all browsers (ask me how I know). Do your homework if it is a public-facing cert.
-Nate
-----Original Message-----
From: cialug-bounces at cialug.org [mailto:cialug-bounces at cialug.org] On Behalf Of L. V. Lammert
Sent: Thursday, February 03, 2011 1:04 PM
To: Central Iowa Linux Users Group
Subject: [Cialug] TLS Cert validity?
We took over a system recently that appears to use a self-signed certificate for TLS, and it appears that it actually expired over a year ago!
> Does TLS not care if the cert has expired? Have not seen any email failures related to TLS.
> Is it common practice to run TLS with self-signed certs?
> If so, any special process for installation?
I have created a self-signed cert for a web site in the past with a multi-year expiration, but that uses a .csr/.key/.crt ... in this case, the self-signed cert is a .pem. Does TLS do things differently than standard SSL?
TIA for any enlightenment,
Lee
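For inspecting an inherited certificate like the one asked about in this thread, here is an added example (not part of either message) that uses the openssl command line to list what a .pem file contains, read its expiry date, and test whether subject and issuer match. The sample certificate, its CN mail.example.test, the file names and the function names are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: inspect a PEM file such as an inherited mail-server cert.

# Build a constructed sample: a 1-day self-signed cert bundled with its key
# in a single .pem. The subject name and file names are made up.
make_sample_pem() {
    dir=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=mail.example.test" \
        -keyout "$dir/sample.key" -out "$dir/sample.crt" 2>/dev/null || return 1
    cat "$dir/sample.key" "$dir/sample.crt" > "$dir/sample.pem"
}

# List the PEM block types in a file. ".pem" is only the encoding: the file
# may hold a private key, a certificate, or both.
pem_blocks() {
    sed -n 's/^-----BEGIN \(.*\)-----$/\1/p' "$1"
}

# Return 0 if subject and issuer names hash the same (self-issued, which is
# what a self-signed cert looks like; this does not verify the signature).
is_self_issued() {
    [ "$(openssl x509 -in "$1" -noout -subject_hash)" = \
      "$(openssl x509 -in "$1" -noout -issuer_hash)" ]
}

# Return 0 if the cert is still valid $2 seconds from now (default 0 = now).
valid_for() {
    openssl x509 -in "$1" -noout -checkend "${2:-0}" >/dev/null
}

cert_report() {
    pem=$1
    echo "blocks:   $(pem_blocks "$pem" | tr '\n' ',' | sed 's/,$//')"
    echo "notAfter: $(openssl x509 -in "$pem" -noout -enddate | cut -d= -f2)"
    if is_self_issued "$pem"; then echo "issuer:   same as subject (self-signed)"
    else echo "issuer:   differs from subject"; fi
    if valid_for "$pem" 0; then echo "status:   not expired"
    else echo "status:   EXPIRED"; fi
    valid_for "$pem" 2592000 || echo "warning:  expires within 30 days"
}

# Demo run on the constructed sample.
SAMPLE_DIR=$(mktemp -d) && make_sample_pem "$SAMPLE_DIR" \
    && cert_report "$SAMPLE_DIR/sample.pem"
```

Point `cert_report` at the server's actual .pem to get the same summary; a monitoring job can call `valid_for FILE SECONDS` and alert on a non-zero exit.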