Hi everyone. I am a newbie with regards to OpenSSL. I would really appreciate it if anyone can help me with this. I am having a problem with the creation of a root certificate in Linux. I have created my own configuration file "openssl.cnf" and am using that to create a root CA certificate. I am using the following command to generate the certificate:

> openssl req -x509 -newkey rsa -out xyz_cert.pem -outform PEM -config openssl.cnf

The problem is that when I check the expiry date (Not After), it is set to 30 days from now although I have set default_days to 365. Any clue why this is happening? Is it because I am using the "req" option? I am pasting my openssl.cnf below. The expiry date shows fine if I run the above command with the "-days = 365" option.

Thanks in advance,
Sanjay Acharya
Wichita State University

RANDFILE = $ENV::HOME/project/.rnd

[ ca ]
default_ca = my_ca_default

[ my_ca_default ]
dir = $ENV::HOME/project
certs = $dir/certs
crl_dir = $dir/crl
database = $dir/index.txt
new_certs_dir = $dir/newcerts
certificate = $dir/cacert.pem
serial = $dir/serial
crl = $dir/crl.pem
private_key = $dir/private/cakey.pem
RANDFILE = $dir/private/.rand
default_days = 365
default_crl_days = 1
default_md = sha1
x509_extensions = usr_cert
policy = my_policy

[ my_policy ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = supplied
commonName = supplied
emailAddress = supplied

[ usr_cert ]
basicConstraints=CA:false

[ req ]
default_bits = 2048
default_md = sha1
default_keyfile = privatekey.pem
prompt = no
distinguished_name = req_distinguished_name
x509_extensions = req_extensions

[ req_distinguished_name ]
countryName = US
organizationName = XYZ
organizationalUnitName = XYZ Engineering Certification Authority
stateOrProvinceName = KANSAS
localityName = Wichita
commonName = XYZ Engineering CA
emailAddress = ---

[ req_extensions ]
basicConstraints = CA:true
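
A reproduction of the behaviour described above, as an added example that is not part of the original post: `default_days` is read by the `openssl ca` command from its CA section, while `openssl req -x509` takes the lifetime from `-days` and otherwise falls back to its built-in 30 days. The config, DN values and function names are constructed for this test, and `default_md` is `sha256` rather than the post's `sha1` so the run works on current builds.

```shell
#!/bin/sh
# Added example. File names and DN values below are constructed.

# Write a minimal config to $1/openssl.cnf: default_days sits in the CA
# section (as in the post), and [ req ] carries no lifetime setting.
write_cnf() {
    cat > "$1/openssl.cnf" <<'EOF'
[ ca ]
default_ca = my_ca_default
[ my_ca_default ]
default_days = 365
[ req ]
default_bits = 2048
default_md = sha256
encrypt_key = no
prompt = no
distinguished_name = req_distinguished_name
x509_extensions = req_extensions
[ req_distinguished_name ]
countryName = US
organizationName = Example Org
commonName = Example Test Root CA
[ req_extensions ]
basicConstraints = CA:true
EOF
}

# Create a self-signed root in directory $1; extra args go to `openssl req`.
make_root() {
    dir=$1; shift
    openssl req -x509 -newkey rsa:2048 -config "$dir/openssl.cnf" \
        -keyout "$dir/key.pem" -out "$dir/cert.pem" "$@" 2>/dev/null
}

# Succeed if the certificate $1 will still be valid $2 days from now.
valid_in_days() {
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null
}

# Report whether the root produced with the given `req` args outlives 31 days.
report() {
    dir=$(mktemp -d) && write_cnf "$dir" && make_root "$dir" "$@" || return 2
    if valid_in_days "$dir/cert.pem" 31; then echo "long-lived"; else echo "expires within 31 days"; fi
    rm -rf "$dir"
}

echo "no -days:  $(report)"
echo "-days 365: $(report -days 365)"
```

For a root CA, checking the issued lifetime with `openssl x509 -noout -dates` (or `-checkend`) right after generation catches a certificate that would otherwise expire a month into use.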