Hi Zac, Try this command specifying explicitely the number of days: openssl req -config /etc/openssl.cnf -new -x509 -keyout newkey.pem -out newcert.pem -days 365
note: check for the openssl.cnf path For more details you can consult this URL: http://www.linux.org/docs/ldp/howto/SSL-Certificates-HOWTO/x139.html Zac Taylor <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Sent by: cc: owner-openssl-users@ Subject: Newbie question, extending life of self-signed certs beyond 30 days. openssl.org 11/07/2002 19:57 Please respond to openssl-users Hi, I have a RH 7.2 system running Apache 2.0.39 and openssl-0.9.6b-8. I used the openssl utilities to create a private key and a self-signed certificate. I noticed that my browser showed the certiciate having a validity of only a month, so I went to the /usr/share/ssl/openssl.cnf file and changed the following : default_days = 3650 default_crl_days = 3650 default_md = sha1 Having re-created the self-signed cert and restarted the web server, I noticed that the browser showed the sha1 encryption (changed from md5), but no change to the validity - I was expecting it to be 10 years. Is there a way to change the default days for a self-signed certificate. When I created it, I was not prompted for the valid days. Thanks in advance, Zac. __________________________________________________ Do You Yahoo!? Sign up for SBC Yahoo! Dial - First Month Free http://sbc.yahoo.com ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]