[Cerowrt-devel] expiring certs kill juniper routers

Maciej Soltysiak maciej at soltysiak.com
Tue Apr 1 11:42:16 EDT 2014


> 1 3 2 1 * /etc/make-webcerts.sh # regen the web certs every year feb 1 at 3am
If for some reason I fail to have my router running on that feral day
at 3am, it won't regenerate and we wait a year for the next run.
Maybe it'd be better to have a daily job to check for that in case
someone misses that key moment in a year?

Before I do anything... My copy of make-webcerts.sh has:
days=21900
bits=1024

Perhaps it's better to put less than 60 years in there and up the bits?
3 runs at 4096 took 27, 30 and 42 seconds on my WNDR3800.

That would increase the first boot up after flashing, wouldn't it?

Best regards,
Maciej



More information about the Cerowrt-devel mailing list