There are 2 ways.

        1) Write a script that sets up the correct values
           and then pass them to the command line

        2) Patch the ca command

I've chosen the last one.

I sent the patch on this list some weeks ago. Search for "Useful CA
patch" subject in the archive.



[EMAIL PROTECTED] wrote:
> 
> I'm using openssl 09.5.a
> 
> For making a new CA, I specify validity of 1000 days and I also want my certs to
> be valid, by default (i.e. if no end date is specified), for as
> long as the CA.
> For this I specified the following in openssl.cnf
> 
> default_days   = 1000         # how long to certify for
> 
> But by doing this the certs become valid for 1000 days from the system date. Now
> if I configure my CA today (valid till 1000 days from now) and then sign a
> cert tomorrow (for 1000 days),
> its end date is one day more than the end date of my CA. Thus all the certs I
> sign are invalid. When I click a .der, it is shown as invalid and a msg is
> displayed..."The validity period of this certificate exceeds
> that of its certification authority."
> 
> Even if I put default_days = 365, my certs shall begin to go invalid one year
> before my CA expires!! ??
> 
> Is there any way to ensure that my certs are valid for as long as my CA is ??
> 
> What setting do I need to make??
> 
> Thanks in advance
> 
> Shobhit
> 
> Tata Consultancy Services
> www.tcs.com
> 
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    [EMAIL PROTECTED]
> Automated List Manager                           [EMAIL PROTECTED]

--
FERDINANDO RICCHIUTI
Research & Development

CSP s.c. a r.l. 
____________________________________________
Villa Gualino
Viale Settimo Severo, 63 - 10133 Torino [IT]

e-mail           [EMAIL PROTECTED]
mob                       +39 (0)348 6023959
tel                       +39  (0)11 3165401
____________________________________________
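
A sketch of option 1 from the reply above, as an added example that is not the poster's patch or OpenSSL project code: read the CA certificate's own expiry and pass it to `openssl ca -enddate`, so a new certificate never outlives its issuer. The function names and the file names in the usage comment are assumptions, and the sample dates in the comments are constructed.

```shell
#!/bin/sh
# Added example. Usage (file names are assumptions):
#   sign_until_ca_expiry cacert.pem req.pem newcert.pem

# Convert one line printed by `openssl x509 -noout -enddate`, for example
#   notAfter=Jun  3 12:00:00 2027 GMT      (constructed sample)
# into the timestamp form that `openssl ca -enddate` accepts.
enddate_arg() {
    line=${1#notAfter=}
    # Unquoted on purpose: word splitting collapses the padded day ("Jun  3").
    set -- $line
    [ $# -eq 5 ] && [ "$5" = "GMT" ] || return 1
    mon=$1 day=$2 time=$3 year=$4
    case $mon in
        Jan) m=01 ;; Feb) m=02 ;; Mar) m=03 ;; Apr) m=04 ;;
        May) m=05 ;; Jun) m=06 ;; Jul) m=07 ;; Aug) m=08 ;;
        Sep) m=09 ;; Oct) m=10 ;; Nov) m=11 ;; Dec) m=12 ;;
        *) return 1 ;;
    esac
    case $day in
        [1-9]) day=0$day ;;
        [1-3][0-9]) ;;
        *) return 1 ;;
    esac
    case $time in
        [0-2][0-9]:[0-5][0-9]:[0-6][0-9]) ;;
        *) return 1 ;;
    esac
    hms=$(printf '%s' "$time" | tr -d ':')
    case $year in
        # UTCTime (YYMMDDHHMMSSZ) only covers the years 1950 to 2049.
        19[5-9][0-9]|20[0-4][0-9])
            printf '%s%s%s%sZ\n' "${year#??}" "$m" "$day" "$hms" ;;
        # Later years need GeneralizedTime (YYYYMMDDHHMMSSZ), which only
        # newer OpenSSL releases accept for -enddate.
        [0-9][0-9][0-9][0-9])
            printf '%s%s%s%sZ\n' "$year" "$m" "$day" "$hms" ;;
        *) return 1 ;;
    esac
}

# Sign request $2 into $3 with an end date equal to the notAfter of CA cert $1.
# The CA key and database come from the [ ca ] section of openssl.cnf as usual.
sign_until_ca_expiry() {
    end=$(enddate_arg "$(openssl x509 -noout -enddate -in "$1")") || return 1
    openssl ca -enddate "$end" -in "$2" -out "$3"
}
```

Because `-enddate` is given explicitly, `default_days` no longer decides the expiry of certificates signed this way.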