Chris,
Yeah that is what I've had to do. Although I had a default_days
set at 365 , creating a CA seemed to ignore this value. All the other
certificates picked it up fine though.
-
Andrew T. Finnell
Active Solutions L.L.C
[EMAIL PROTECTED]
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]] On Behalf Of Chris Cleeland
> Sent: Monday, May 06, 2002 5:20 PM
> To: [EMAIL PROTECTED]
> Subject: RE: Default_crl_days
>
>
> On Mon, 6 May 2002, Andrew T. Finnell wrote:
>
> > Nope we have our own script that just uses the openssl tool.
> > Basically we do .\openssl req -config openssl.cfg -newkey
> > dsa:dsaparam.pem -x509 -nodes -out cacert.pem -keyout
> cakey.pem In our
> > openssl.cfg file the only thing near 30 days is the
> default_crl_days
> > which is why I thought it might have to do with that.
>
> If you don't specify the number of days using -days, I
> believe it defaults to
> 30 days (as specified in openssl.cfg). Add "-days 365" to
> that command line
> and the expiration should be a year from now.
>
> You can view the expiration date for an x509 certificate by
> reading the
> output of
>
> $ openssl x509 -text -in mycert.pem
>
> Look for something like this:
>
> Validity
> Not Before: Mar 22 16:22:15 2002 GMT
> Not After : Mar 22 16:22:15 2003 GMT
>
> -cj
>
> --
> Chris Cleeland, cleeland_c @ ociweb.com,
> http://www.milodesigns.com/~chris
> Principal Software
> Engineer, Object Computing, Inc., +1 314 579 0066
> Support Me Supporting Cancer Survivors in Ride for the
> Roses 2002
> >>>>>>>>> Donate at http://www.milodesigns.com/donate
> <<<<<<<<<
>
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
>
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
