1 |
On 7/15/22 4:11 PM, Neil Bothwick wrote: |
2 |
> I've never used it before, mainly because I wasn't aware of its |
3 |
> existence until I re-read the ssh-keygen man page, but it seems to |
4 |
> be simple timestamps passed to valid-before/valid-after. |
5 |
|
6 |
I'm not sure that's applicable to /keys/ verses /certificates/. |
7 |
|
8 |
Excerpt from the ssh-keygen man page: |
9 |
|
10 |
-V validity_interval |
11 |
|
12 |
Specify a validity interval when signing a /certificate/. A validity |
13 |
interval may consist of a single time, indicating that the /certificate/ |
14 |
is valid beginning now and expiring at that time, or may consist of two |
15 |
times separated by a colon to indicate an explicit time interval. |
16 |
|
17 |
Maybe there's something else, but it seems like the validity period is |
18 |
for SSH /certificates/ and not SSH /keys/. |
19 |
|
20 |
|
21 |
|
22 |
-- |
23 |
Grant. . . . |
24 |
unix || die |