Test certificates expired (again)

[mgorny]

$ ./scripts/openssl_https_server.sh
Using default temp DH parameters
ACCEPT
139899582240576:error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca:ssl/record/rec_layer_s3.c:1543:SSL alert number 48
139899582240576:error:14094415:SSL routines:ssl3_read_bytes:sslv3 alert certificate expired:ssl/record/rec_layer_s3.c:1543:SSL alert number 45
139899582240576:error:14094415:SSL routines:ssl3_read_bytes:sslv3 alert certificate expired:ssl/record/rec_layer_s3.c:1543:SSL alert number 45
139899582240576:error:14094415:SSL routines:ssl3_read_bytes:sslv3 alert certificate expired:ssl/record/rec_layer_s3.c:1543:SSL alert number 45
139899582240576:error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca:ssl/record/rec_layer_s3.c:1543:SSL alert number 48
139899582240576:error:14094415:SSL routines:ssl3_read_bytes:sslv3 alert certificate expired:ssl/record/rec_layer_s3.c:1543:SSL alert number 45
 $ openssl x509 -in localhost.crt -text
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 0 (0x0)
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN = NDG Test CA, O = NDG, OU = Security
        Validity
            Not Before: Dec 16 01:07:32 2016 GMT
            Not After : Dec 16 01:07:32 2019 GMT
...

[philipkershaw]

It should be easy to fix but I don't have a lot of time to look at this in the near future. Will happily accept a PR if you or someone else want to update the test certs

[mgorny]

Is that even possible without having the CA's private key?

[philipkershaw]

I was thinking you could create a fresh key pair for the CA but equally I'm happy to add the private key to the repo so that a new CA cert could be generated based on the same key pair. This is all on the understanding that this is a test CA of course!

[philipkershaw]

New version with updated certs is in devel branch. Will push out new release soon