[Cerowrt-devel] expiring certs kill juniper routers
dave.taht at gmail.com
Thu Mar 27 16:04:22 EDT 2014
A whole bunch of juniper routers just went down due to an expired certificate:
We set the cerowrt https certificates to expire in 2072. I plan on being
safely dead by then... but...
I worried that I might actually get uploaded instead... and still be around...
so there's a cron job to create new ones every year.
1 3 2 1 * /etc/make-webcerts.sh # regen the web certs every year feb 1 at 3am
It bugs me that the openssl syntax for generating certs is so arcane,
and it bothers me
more that there are people making bad certs out there for mission
"We're sorry, your vw bug can't start due to an expired certificate...
your nuclear reactor's coolant interfaces can't start due to an
It kind of dwarfs the Y2038 problem in that it can happen anywhere, anytime.
More information about the Cerowrt-devel