Eric Murphy wrote: > Is there a way to set the expiration date for signtool? Right now it is > only 4 months from the time of creation. > > Also, what does the -z option mean? The certificate never expires? > > I'm trying to avoid actually paying for a certificate... and just have > users install a certificate off the website. > > Thanks, > Eric >
It does not look like it is possible to set the expiration date of the generated certificate with signtool. You should use certutil, which is a much more powerful (dare I say) tool for creating certs. Both tools are documented at http://www.mozilla.org/projects/security/pki/nss/tools/ The simplest way to create certs is to use certutil -S. The -z option affects the time used in the signature, not in the creation of a certificate. -Ian
