From: Maciej Soltysiak
To: Dave Taht
Cc: "cerowrt-devel@lists.bufferbloat.net"
Date: Tue, 1 Apr 2014 17:42:16 +0200
Subject: Re: [Cerowrt-devel] expiring certs kill juniper routers

> 1 3 2 1 * /etc/make-webcerts.sh # regen the web certs every year feb 1 at 3am

If for some reason I fail to have my router running on that feral day at 3am, it won't regenerate and we wait a year for the next run. Maybe it'd be better to have a daily job to check for that in case someone misses that key moment in a year?

Before I do anything... My copy of make-webcerts.sh has:

days=21900
bits=1024

Perhaps it's better to put less than 60 years in there and up the bits?

3 runs at 4096 took 27, 30 and 42 seconds on my WNDR3800. That would increase the first boot up after flashing, wouldn't it?

Best regards,
Maciej
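Added example (not part of the original message or the CeroWrt project's code): a check that can run daily from cron and calls the regeneration script only when the certificate is missing, close to expiry, or has a short key, so a missed run costs a day instead of a year. The certificate path, the 30-day window, the 2048-bit minimum and the `--run` flag are assumptions.

```shell
#!/bin/sh
# Added example: daily certificate check, meant to replace a once-a-year cron entry.
# Constructed crontab line:  17 3 * * * /path/to/check-webcerts.sh --run
# Assumptions (not from the thread): CERT path, WARN_DAYS, MIN_BITS, the --run flag.

CERT="${CERT:-/path/to/webcert.pem}"      # placeholder: the cert the web server serves
REGEN="${REGEN:-/etc/make-webcerts.sh}"   # regeneration script named in the thread
WARN_DAYS="${WARN_DAYS:-30}"              # regenerate this many days before expiry
MIN_BITS="${MIN_BITS:-2048}"              # regenerate if the key is shorter than this

# Succeeds (returns 0) when the cert is missing, unparseable, or expires
# within $2 days. "openssl x509 -checkend N" exits 0 only if the cert is
# still valid N seconds from now.
cert_needs_regen() {
    [ -s "$1" ] || return 0
    if openssl x509 -in "$1" -noout -checkend "$(($2 * 86400))" >/dev/null 2>&1; then
        return 1
    fi
    return 0
}

# Succeeds when the public key is shorter than $2 bits, or its size
# cannot be read from the certificate.
cert_key_too_short() {
    bits=$(openssl x509 -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit.*/\1/p' | head -n 1)
    [ -n "$bits" ] || return 0
    [ "$bits" -lt "$2" ]
}

main() {
    if cert_needs_regen "$CERT" "$WARN_DAYS" || cert_key_too_short "$CERT" "$MIN_BITS"; then
        logger -t webcerts "regenerating $CERT" 2>/dev/null || true
        exec "$REGEN"
    fi
}

# Only act when asked to, so the functions can be sourced and tested.
if [ "${1:-}" = "--run" ]; then
    main
fi
```

Because the check is cheap, the slow key generation timed in the message above only happens on the days a regeneration is actually needed.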