Server and user certificates are expired
Jouni Malinen
j at w1.fi
Sun Oct 1 10:28:50 PDT 2017
On Sun, Oct 01, 2017 at 01:47:24PM +0000, Otcheretianski, Andrei wrote:
> Looks that server/user certificates are expired so need to re-sign them.
> Is there any script to regenerate this locally (I couldn't find how to do it)?
Some of the certificates had scripts to generate them, but not all. I
added some more now while updating the certificates that expired
yesterday:
https://w1.fi/cgit/hostap/commit/?id=0ba13e86132a1c6dd4bc304178f7328e1b73cf52
I've been wanting to get to a point where more or less all the
certificates could be generated dynamically by start.sh. Some of the
OCSP related items are already covered there, but that has been more or
less optional for now to not require a specific openssl utility version
to be available on the test system. I guess it is starting to be
reasonable to expect all systems to have a suitably recent version, so
it may reasonable to start mandating this and just get rid of these
periodic certificate update needs altogether.
Some of the private key generation cases take significant amount of CPU
(potentially close to an hour for everything..), so those cannot be done
from scratch every time testing is started, but the actual signing
operations should be fast enough to do again every time (and likely
even fast enough to do in each VM when running parallel testing so that
this can be kept simpler).
--
Jouni Malinen PGP id EFC895FA
More information about the Hostap
mailing list