On Mon, 6 May 2002, Andrew T. Finnell wrote: > Nope we have our own script that just uses the openssl tool. > Basically we do .\openssl req -config openssl.cfg -newkey > dsa:dsaparam.pem -x509 -nodes -out cacert.pem -keyout cakey.pem In our > openssl.cfg file the only thing near 30 days is the default_crl_days > which is why I thought it might have to do with that.
If you don't specify the number of days using -days, I believe it defaults to 30 days (as specified in openssl.cfg). Add "-days 365" to that command line and the expiration should be a year from now. You can view the expiration date for an x509 certificate by reading the output of $ openssl x509 -text -in mycert.pem Look for something like this: Validity Not Before: Mar 22 16:22:15 2002 GMT Not After : Mar 22 16:22:15 2003 GMT -cj -- Chris Cleeland, cleeland_c @ ociweb.com, http://www.milodesigns.com/~chris Principal Software Engineer, Object Computing, Inc., +1 314 579 0066 Support Me Supporting Cancer Survivors in Ride for the Roses 2002 >>>>>>>>> Donate at http://www.milodesigns.com/donate <<<<<<<<< ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]