On Fri, 15 Jul 2022 22:33:49 -0600, Grant Taylor wrote:

> > I've never used it before, mainly because I wasn't aware of its
> > existence until I re-read the ssh-keygen man page, but it seems to
> > be simple timestamps passed to valid-before/valid-after.
>
> I'm not sure that's applicable to /keys/ versus /certificates/.
>
> Excerpt from the ssh-keygen man page:
>
> -V validity_interval
>
> Specify a validity interval when signing a /certificate/. A validity
> interval may consist of a single time, indicating that the
> /certificate/ is valid beginning now and expiring at that time, or may
> consist of two times separated by a colon to indicate an explicit time
> interval.
>
> Maybe there's something else, but it seems like the validity period is
> for SSH /certificates/ and not SSH /keys/.

valid-before/valid-after are documented elsewhere in the man page, but it
is not clear whether they are discussing certificates or keys at that
point; it could be read either way.

Time to check out certificates.

--
Neil Bothwick

Set phasers to extreme itching!
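
The `-V` behaviour from the man page excerpt quoted above, as an added example that is not part of the original thread: it signs a throwaway user key with an explicit interval and reads the validity window back from the resulting certificate, next to the plain public key, which has no such field. It assumes OpenSSH's `ssh-keygen` is installed; the file names, the `demo-ca`/`demo-user` identities and the dates are constructed.

```shell
#!/bin/sh
# Added demo; file names and the "demo-ca"/"demo-user" identities are constructed.

# Create a throwaway CA key and user key in directory $1, then sign the
# user's public key with validity interval $2 (the -V argument).
make_demo_cert() {
    dir=$1 interval=$2
    ssh-keygen -q -t ed25519 -N '' -C demo-ca   -f "$dir/ca"   || return 1
    ssh-keygen -q -t ed25519 -N '' -C demo-user -f "$dir/user" || return 1
    # -s: sign with the CA key; -I: certificate identity; -n: principal.
    # The result is written next to the key as user-cert.pub.
    ssh-keygen -q -s "$dir/ca" -I demo-user -n demo-user \
        -V "$interval" "$dir/user.pub"
}

# Print the validity window stored inside the certificate.
cert_validity() {
    ssh-keygen -L -f "$1/user-cert.pub" | sed -n 's/^ *Valid: *//p'
}

# Count the fields of the plain public key line: key type, key blob and
# comment. There is no field that could carry an expiry date.
pubkey_fields() {
    awk '{ print NF; exit }' "$1/user.pub"
}

demo_dir=$(mktemp -d) || exit 1
make_demo_cert "$demo_dir" 20220715:20220722 || exit 1
echo "plain key fields: $(pubkey_fields "$demo_dir")"
echo "certificate valid: $(cert_validity "$demo_dir")"
rm -rf "$demo_dir"
```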