On Thu, 4 Aug 2011, Alan Buxey wrote:
Hi,
Thank you! But now I'm spending my time with another issue with this: I
cannot create certificate longer than I month:
This is my CA certificate validity:
...
Not Before: Aug 3 10:07:14 2011 GMT
Not After : Aug 2 10:07:14 2012 GMT
...
This is my server's certificate validity (created today):
...
Not Before: Aug 4 07:27:29 2011 GMT
Not After : Sep 3 07:27:29 2011 GMT
...
The server certificate was created by command:
openssl req -new -key server.key -out server.csr -days 365
As you can see, the "-days X" did not helped...
check your openssl conf file - eg /etc/pki/tls/openssl.cnf on redhat/centos
this is a place where you can specify default values for duration, using SHA1
rather than MD5, default certificate size etc etc
alan
Yes, I know about my config file /etc/pki/tls/openssl.cnf, here is it's
content:
default_days = 365 # how long to certify for
default_crl_days= 30 # how long before next CRL
default_md = default # use public key default MD
preserve = no # keep passed DN ordering
Is it possible that the "default_crl_days= 30" causes the strange
bahaviour? If not, the "-days X" should do the job, but it doesn't. Other
text "30" is not present in the file. Setting the default_crl_days to
other value did not helped...
Tomas
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
