SSL certificate validation date

kmlh
Level 1

Greetings,

Why is it that on an SSL module, certificate validity dates are different when checking

"show crypto ca trustpoints" and

"show ssl-proxy certificate-history" ?

Doesn't the "certificate-history" show the current certificate as well as the previously imported ones?

Do we refer only to "show crypto ca trustpoints" to track certificate validity end date?

SSL001#show crypto ca trustpoints testing123

Certificate

Subject:

Name: testing123

CN = testing123

OU = Terms of use at http://www.verisign.com

O = WWW

L = WW

ST = WW

C = WW

CRL Distribution Point:

http://SVRIntl-crl.verisign.com/SVRIntl.crl

Validity Date:

start date: 00:00:00 UTC Apr 11 2006

end date: 23:59:59 UTC Apr 10 2008

renew date: 00:00:00 UTC Jan 1 1970

Associated Trustpoints: testing123

--------

SSL001#show ssl-proxy certificate-history service proxyssl

Record 132, Timestamp: 3w6d, 21:34:55 UTC May 23 2006

Installed Service Certificate, Index 131

Proxy Service: proxyssl, Trust Point: testing123

Validity Start Time: 15:31:50 UTC Nov 15 2005

End Time: 15:31:50 UTC Nov 15 2006

Renew Time: 00:00:00 UTC Jan 1 1970

Thanks
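
The comparison raised in the question above, as an added example that is not part of the original thread and is not a Cisco tool: this Python script parses the validity lines from the two pasted outputs and reports whether the trustpoint and the certificate-history record describe the same validity window. The function names and the reference date are assumptions made for the example.

```python
import re
from datetime import datetime, timezone

# Validity lines copied from the two outputs in the post above.
TRUSTPOINT_OUTPUT = """\
start date: 00:00:00 UTC Apr 11 2006
end date: 23:59:59 UTC Apr 10 2008
"""
HISTORY_OUTPUT = """\
Record 132, Timestamp: 3w6d, 21:34:55 UTC May 23 2006
Validity Start Time: 15:31:50 UTC Nov 15 2005
End Time: 15:31:50 UTC Nov 15 2006
"""

MONTHS = {m: i for i, m in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), 1)}
STAMP = r":\s*(\d{2}):(\d{2}):(\d{2}) UTC ([A-Z][a-z]{2})\s+(\d{1,2}) (\d{4})"

def parse_stamp(text, label):
    """Return the UTC datetime printed after `label`, e.g. 'end date'."""
    m = re.search(re.escape(label) + STAMP, text, re.IGNORECASE)
    if m is None:
        raise ValueError(f"no '{label}' timestamp found in output")
    hh, mm, ss, mon, day, year = m.groups()
    return datetime(int(year), MONTHS[mon.title()], int(day),
                    int(hh), int(mm), int(ss), tzinfo=timezone.utc)

def compare_validity(trustpoint_text, history_text, now):
    """Compare the validity windows reported by the two show commands."""
    tp = (parse_stamp(trustpoint_text, "start date"),
          parse_stamp(trustpoint_text, "end date"))
    hist = (parse_stamp(history_text, "Start Time"),
            parse_stamp(history_text, "End Time"))
    return {
        "same_window": tp == hist,
        "trustpoint_end": tp[1],
        "history_end": hist[1],
        "trustpoint_days_left": (tp[1] - now).days,
        "history_days_left": (hist[1] - now).days,
    }

if __name__ == "__main__":
    # Constructed reference date, so the result is repeatable.
    now = datetime(2006, 6, 20, tzinfo=timezone.utc)
    report = compare_validity(TRUSTPOINT_OUTPUT, HISTORY_OUTPUT, now)
    for key, value in report.items():
        print(f"{key}: {value}")
```
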

1 Reply

pradeepde
Level 5

To authenticate the SSL client, the SSL module verifies the following:

* The certificate at one level is properly signed by the issuer at the next level.

* At least one of the issuer certificates in the certificate chain is trusted by the SSL proxy service.

* None of the certificates in the certificate chain is in the certificate revocation list (CRL) and rejected by any access control list (ACL).

For verifying the SSL client certificates, the SSL module is configured with a list of trusted certificate authorities (certificate authority pool). The SSL module trusts only the certificates issued by the certificate authorities that you configure in the certificate authority pool.
