| 1 |
On Fri, 15 Jul 2022 22:33:49 -0600, Grant Taylor wrote: |
| 2 |
|
| 3 |
> > I've never used it before, mainly because I wasn't aware of its |
| 4 |
> > existence until I re-read the ssh-keygen man page, but it seems to |
| 5 |
> > be simple timestamps passed to valid-before/valid-after. |
| 6 |
> |
| 7 |
> I'm not sure that's applicable to /keys/ verses /certificates/. |
| 8 |
> |
| 9 |
> Excerpt from the ssh-keygen man page: |
| 10 |
> |
| 11 |
> -V validity_interval |
| 12 |
> |
| 13 |
> Specify a validity interval when signing a /certificate/. A validity |
| 14 |
> interval may consist of a single time, indicating that the |
| 15 |
> /certificate/ is valid beginning now and expiring at that time, or may |
| 16 |
> consist of two times separated by a colon to indicate an explicit time |
| 17 |
> interval. |
| 18 |
> |
| 19 |
> Maybe there's something else, but it seems like the validity period is |
| 20 |
> for SSH /certificates/ and not SSH /keys/. |
| 21 |
|
| 22 |
valid-before/valid-after are documented elsewhere in the man page, but it |
| 23 |
is not clear whether they are discussing certificates or keys at that |
| 24 |
point, it could be read either way. |
| 25 |
|
| 26 |
Time to check out certificates. |
| 27 |
|
| 28 |
|
| 29 |
-- |
| 30 |
Neil Bothwick |
| 31 |
|
| 32 |
Set phasers to extreme itching! |
Archives