I had an idea about trying to use a 'tls-verify' script to detect client certificates that are going to expire soon, so we can warn folks before their certs go bad. Looking through the man page under Environmental Variables (and testing it), there are lots of variables about the certificate's CN, but nothing about its dates.
Is it possible to have the cert's 'Not Before' and 'Not After' dates (hopefully in a parseable format) added to the environment variables provided to the same scripts that receive the 'X509_{n}_{subject_field}' variables?
And, getting ahead of a possible 'try this instead' suggestion, "just use the CN to look the cert up against your CA" - can't. Our client certs come from an appliance not connected to the VPN server. We're trying to get the cert to audit the client certs and send out timely expiration notices. It's being problematic.
Thanks for considering.
Certificate Validity Dates as Environmental Variables