How often should I refresh a downloaded CA cert?

Christopher_de_Vidal · December 6, 2021, 5:11pm

Newbie question. I’m using a language which embeds mbedtls (MicroPython), and I fetched my server’s certificate using the following command. MicroPython reads this cert on each bootup and uses the values therein for connecting. How can I know when it’s expired and it’s time to refresh it?

openssl s_client -connect securecoop.com:443 -showcerts > securecoop.pem

Christopher_de_Vidal · December 15, 2021, 1:36am

Found the answer. Unbeknownst to me at the time, this is not specific to Mbed.

$ openssl x509 -enddate -noout -in securecoop.pem
notAfter=Jun 10 23:59:59 2022 GMT

Topic		Replies	Views
Certificate being revoked after valid and passed verification for awhile Mbed TLS mbed_tls	0	652	June 13, 2020
Read peer certificate from SSL context Mbed TLS mbed_tls	1	521	September 22, 2022
Mbeddtls debug handling server sending CA/root certificate Mbed OS	1	1004	July 20, 2016
Using server and CA certificates Mbed OS	2	1362	January 18, 2016
Mbedtls_x509_crt_verify 2700 on embedded platform Generic	12	2949	February 4, 2020

How often should I refresh a downloaded CA cert?

Related topics