The best we can do, is to take notAfter time of the signing certificate and add that as the signingTime, which will then be used by the Sign command as given.
This will ensure the signature is within valid time-series.
I don't see an easy openssl API to sign things without any signature timestamp.
The best we can do, is to take notAfter time of the signing certificate and add that as the signingTime, which will then be used by the Sign command as given.
This will ensure the signature is within valid time-series.
I don't see an easy openssl API to sign things without any signature timestamp.