> From: owner-openssl-us...@openssl.org On Behalf Of Eric Viseur
> Sent: Tuesday, 28 June, 2011 11:11
> I'm currently setting up a small PKI using Bash scripts calling
> OpenSSL and Apache. However, whatever days of validity I put on the
> command line, it remains to it's default, 365 days.
> - On the CSR generation side, i'm using the following command :
<snip; and config>
That doesn't matter. The CSR doesn't specify the lifetime.
> - On the CS validation side, I use the following command :
>
> $openssl ca -config $dossier/$config -policy policy_match
> -out $dossier/subca/$filename.crt -infiles $dossier/requests/$filename.csr
> -days 3650
> Still, I get <snip: 365 days>
> And I just can't seem to understand why. Any ideas guys ?
-infiles causes all subsequent arguments to be treated as
input files, and not checked for options. If you proceed(ed)
you should get (have gotten) an error for "no such file -days".
Either put -days N before -infiles, or use -in instead of -infiles.
Or use default_days in config *for ca* instead of commandline.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
