Certificate Validity Dates as Environmental Variables

This is where we can discuss what we would like to see added or changed in OpenVPN.
Post Reply
ratnix
OpenVpn Newbie
Posts: 12
Joined: Wed Mar 07, 2018 11:06 pm

Certificate Validity Dates as Environmental Variables

Post by ratnix » Sun Apr 12, 2020 3:32 am

I had an idea about trying to use a 'tls-verify' script to detect client certificates that are going to expire soon, so we can warn folks before their certs go bad. Looking through the man page under Environmental Variables (and testing it), there's lots of variables about the certificate's CN, but nothing about its dates.

Is it possible to have the cert's 'Not Before' and 'Not After' dates (hopefully in a parseable format) added to the environment variables provided to the same scripts that receive the 'X509_{n}_{subject_field}' variables?

And, getting ahead of a possible 'try this instead' suggestion, "just use the CN to look the cert up against your CA" - can't. Our client certs come from an appliance not connected to the VPN server. We're trying to get the cert to audit the client certs and send out timely expiration notices. It's being problematic.

Thanks for considering.

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 7610
Joined: Fri Jun 03, 2016 1:17 pm

Re: Certificate Validity Dates as Environmental Variables

Post by TinCanTech » Sun Apr 12, 2020 1:39 pm

ratnix wrote:
Sun Apr 12, 2020 3:32 am
And, getting ahead of a possible 'try this instead' suggestion
OK then.

Post Reply