[stunnel-users] Possible to verify client certificate BUT ignore expiration-date?

Christopher Schultz chris at christopherschultz.net
Tue May 14 15:49:03 CEST 2019


On 5/13/19 18:06, Eric Eberhard wrote:
> Use openssl to make a private cert?

What is a "private cert"?

Also, I need to trust an existing certificate... If they can create a
new certificate, then I can just trust the new one. I'm looking for a
stop-gap measure, here.


> -----Original Message-----
> From: stunnel-users [mailto:stunnel-users-bounces at stunnel.org] On Behalf Of Christopher Schultz
> Sent: Monday, May 13, 2019 2:28 PM
> To: stunnel-users at stunnel.org
> Subject: [stunnel-users] Possible to verify client certificate BUT ignore expiration-date?
> All,
> Does anyone know if it is possible to perform all other verification of a client certificate EXCEPT allow the certificate to have expired?
> We have a vendor whose certificate has expired, and we want to allow their old certificate to work while they chase their tails trying to figure out the best way to re-issue a new cert for us. *eyeroll*
> Is it possible?
> Thanks,
> -chris

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 899 bytes
Desc: OpenPGP digital signature
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20190514/9a28ed86/attachment.sig>

More information about the stunnel-users mailing list