search for: cert_valid_from

...from four weeks ago to four weeks from now), This sounds like the interval is from 4 weeks ago and to 4 weeks from now. But according to the code, 'to' is created relatively to from not now: ssh-keygen.c: 1740 if (*from == '-' || *from == '+') 1741 cert_valid_from = parse_relative_time(from, now); 1742 else 1743 cert_valid_from = parse_absolute_time(from); 1744 1745 if (*to == '-' || *to == '+') 1746 cert_valid_to = parse_relative_time(to, cert_valid_from); 1747 else 1748...

Hi, I don't see any way to view the details of a certificate once it is generated. Having such a capability would be very handy for debugging purposes to check what constraints, principals, and validity interval are associated with a given cert. -- Iain Morgan