From c1e873d37f52b8960128e5273afc10ba9eac008c Mon Sep 17 00:00:00 2001 From: Jarrod Johnson Date: Fri, 11 Apr 2014 13:26:31 -0400 Subject: [PATCH] Backdate SSL certificates by default for 'startDate' --- xCAT-server/share/xcat/scripts/setup-local-client.sh | 4 ++-- xCAT-server/share/xcat/scripts/setup-server-cert.sh | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/xCAT-server/share/xcat/scripts/setup-local-client.sh b/xCAT-server/share/xcat/scripts/setup-local-client.sh index dd95a4e4d..329cf5789 100755 --- a/xCAT-server/share/xcat/scripts/setup-local-client.sh +++ b/xCAT-server/share/xcat/scripts/setup-local-client.sh @@ -46,7 +46,7 @@ fi # remove user from index index=`grep $CNA /etc/xcat/ca/index | cut -f4 2>&1` for id in $index; do - openssl ca -config /etc/xcat/ca/openssl.cnf -revoke /etc/xcat/ca/certs/$id.pem + openssl ca -startdate 19600101010101Z -config /etc/xcat/ca/openssl.cnf -revoke /etc/xcat/ca/certs/$id.pem done mkdir -p $USERHOME/.xcat cd $USERHOME/.xcat @@ -60,7 +60,7 @@ cd $XCATDIR/ca # - seems to be a problem with the use of the wildcard in the Makefile # - calling cmds directly instead - should be safe # make sign -openssl ca -config openssl.cnf -in root.csr -out root.cert +openssl ca -startdate 19600101010101Z -config openssl.cnf -in root.csr -out root.cert if [ -f root.cert ]; then rm root.csr fi diff --git a/xCAT-server/share/xcat/scripts/setup-server-cert.sh b/xCAT-server/share/xcat/scripts/setup-server-cert.sh index 89a7c7295..42cb46767 100755 --- a/xCAT-server/share/xcat/scripts/setup-server-cert.sh +++ b/xCAT-server/share/xcat/scripts/setup-server-cert.sh @@ -33,7 +33,7 @@ cd $XCATDIR/ca # - call cmds directly instead - seems safe # make sign -openssl ca -config openssl.cnf -in `hostname`.csr -out `hostname`.cert -extensions server +openssl ca -startdate 19600101010101Z -config openssl.cnf -in `hostname`.csr -out `hostname`.cert -extensions server if [ -f `hostname`.cert ]; then rm `hostname`.csr fi