asyd · Owen-M8 · Jun 11, 2025
diff --git a/pom.xml b/pom.xml
@@ -50,6 +50,14 @@
                     </execution>
                 </executions>
             </plugin>
+<plugin>
+            <groupId>org.codehaus.mojo</groupId>
+            <artifactId>exec-maven-plugin</artifactId>
+            <version>1.2.1</version>
+            <configuration>
+                <mainClass>com.opencsi.jscepcli.App</mainClass>
+            </configuration>
+        </plugin>
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-compiler-plugin</artifactId>

diff --git a/src/main/java/com/opencsi/jscepcli/App.java b/src/main/java/com/opencsi/jscepcli/App.java
@@ -194,38 +194,6 @@ public void scepCLI() throws Exception {
                 }
                 System.out.println("Certificate issued for subject DN: " + clientCertificate.getSubjectDN().getName());
 
-                if(params.getText() || params.getCrlFile() != null)
-                {
-                    X509CRL crl;
-
-                    try {
-                        crl = client.getRevocationList(clientCertificate,
-                                                       kp.getPrivate(),
-                                                       clientCertificate.getIssuerX500Principal(),
-                                                       clientCertificate.getSerialNumber(),
-                                                       params.getCaIdentifier());
-
-                        saveToPEM(params.getCrlFile(), crl);
-
-                        if(params.getText() && crl != null) {
-                            printPEM("Certificate Revocation List", crl);
-                        }
-
-                    }
-                    catch(OperationFailureException ofe)
-                    {
-                        System.err.println("Could not retrieve CRL.");
-                        if(params.getVerbose()) {
-                            ofe.printStackTrace();
-                        }
-                    }
-                }
-                else
-                {
-                    if(params.getVerbose()) {
-                        System.err.println("Skipping CRL output (neither a file nor --text was specified)");
-                    }
-                }
 
             } else {
                 System.err.println("Failure response: " + response.getFailInfo());

diff --git a/src/main/java/com/opencsi/jscepcli/CertUtil.java b/src/main/java/com/opencsi/jscepcli/CertUtil.java
@@ -6,6 +6,7 @@
 
 import java.io.ByteArrayInputStream;
 import java.math.BigInteger;
+import java.time.temporal.ChronoUnit;
 import java.security.KeyPair;
 import java.security.cert.CertificateFactory;
 import java.security.cert.X509Certificate;
@@ -40,7 +41,7 @@ public X509Certificate createSelfSignedCertificate(KeyPair kp, String dn) throws
 
         X500Name principal = new X500Name(dn);
         SubjectPublicKeyInfo spki = SubjectPublicKeyInfo.getInstance(kp.getPublic().getEncoded());
-        final X509v3CertificateBuilder certbuilder = new X509v3CertificateBuilder(principal, serial, now, now, principal, spki);
+        final X509v3CertificateBuilder certbuilder = new X509v3CertificateBuilder(principal, serial, now, Date.from(now.toInstant    ().plus(1, ChronoUnit.DAYS)), principal, spki);
         final ContentSigner signer = new JcaContentSignerBuilder("SHA256WithRSA").setProvider(new BouncyCastleProvider()).build(kp.getPrivate());
         final X509CertificateHolder certHolder = certbuilder.build(signer);
         return (X509Certificate) CertificateFactory.getInstance("X.509", new BouncyCastleProvider()).generateCertificate(new ByteArrayInputStream(certHolder.getEncoded()));