I've always used the -days option to set the end date, and never really needed to set the start date - if the start date is in the future you can sequester the certificate until that date arrives (modulo distribution issues). I think I use -days 400 for a one-year cert (one year, one month grace, plus a few days extra). I guess it all depends on how fine-grained control over dates that you need for your particular application.
I don't expect it would be TOO difficult to put the options into req, but I've had a policy here of trying not to modify the source code, which in 20/20 hindsight may or may not have been a Good Thing.
Olaf Gellert wrote:
Hi,
I was just searching for a way to create root certificates with specified startdate and enddate using openssl. The "openssl ca" tool supports the according arguments -startdate and -enddate, but obviously "openssl req", which is used to generate root certificates, does not. Any other way to do this (besides changing the system time)?
Olaf
-- "An Internet-connected Windows machine is tantamount to a toddler carrying a baggie of $100 bills down a city street..."
Charles B (Ben) Cranston mailto: [EMAIL PROTECTED] http://www.wam.umd.edu/~zben
______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]