On Mon, 6 May 2002, Andrew T. Finnell wrote:
> Nope we have our own script that just uses the openssl tool.
> Basically we do .\openssl req -config openssl.cfg -newkey
> dsa:dsaparam.pem -x509 -nodes -out cacert.pem -keyout cakey.pem In our
> openssl.cfg file the only thing near 30 days is the default_crl_days
> which is why I thought it might have to do with that.
If you don't specify the number of days using -days, I believe it defaults to
30 days (as specified in openssl.cfg). Add "-days 365" to that command line
and the expiration should be a year from now.
You can view the expiration date for an x509 certificate by reading the
output of
$ openssl x509 -text -in mycert.pem
Look for something like this:
Validity
Not Before: Mar 22 16:22:15 2002 GMT
Not After : Mar 22 16:22:15 2003 GMT
-cj
--
Chris Cleeland, cleeland_c @ ociweb.com, http://www.milodesigns.com/~chris
Principal Software Engineer, Object Computing, Inc., +1 314 579 0066
Support Me Supporting Cancer Survivors in Ride for the Roses 2002
>>>>>>>>> Donate at http://www.milodesigns.com/donate <<<<<<<<<
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
