setting certificate expiry to more than 30 days

Wed, 02 Mar 2005 08:20:06 -0800 

Hello. I am posting this message again. Can someone
help me over this. I am trying to create certificate
using "req" command as follows,

1) First generated the cert request,
> openssl req -newkey rsa:1024 -config openssl.cnf 
-out xyz_careq.pem

2) Then generated the certificate as follows,
openssl x509 -req -in xyz_careq.pem -extfile
openssl.cnf -extensions req_extensions -signkey
privatekey.pem -out xyz_cert.pem

3)When I see the expiry dates it shows as follows, 

openssl x509 -subject -issuer -dates -noout -in
xyz_cert.pem
subject= /C=US/O=XYZ/OU=XYZ Engineering Certification
Authority/ST=KANSAS/L=Wichita/CN=XYZ Engineering
CA/[EMAIL PROTECTED]
issuer= /C=US/O=XYZ/OU=XYZ Engineering Certification
Authority/ST=KANSAS/L=Wichita/CN=XYZ Engineering
CA/Email=-----
notBefore=Feb 28 14:21:54 2005 GMT
notAfter=Mar 30 14:21:54 2005 GMT
 

Why is this happening? The certificate is
generated fine with the x509 and -days 365 option. Can
someone help me on this.

Sanjay Acharya
Wichita State University



---THE openssl.cnf FILE---

RANDFILE        = $ENV::HOME/project/.rnd

[ ca ]

default_ca = my_ca_default

[ my_ca_default ]
dir             = $ENV::HOME/project
certs           = $dir/certs
crl_dir         = $dir/crl
database        = $dir/index.txt
new_certs_dir   = $dir/newcerts

certificate     = $dir/cacert.pem
serial          = $dir/serial
crl             = $dir/crl.pem
private_key     = $dir/private/cakey.pem
RANDFILE        = $dir/private/.rand

default_days    = 365
default_crl_days = 1
default_md      = sha1

x509_extensions = usr_cert
policy          = my_policy

[ my_policy ]
countryName     = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = supplied
commonName      = supplied
emailAddress    = supplied

[ usr_cert ]
basicConstraints=CA:false


[ req ]
default_bits    = 2048
default_md      = sha1
default_keyfile = privatekey.pem
prompt          = no
distinguished_name = req_distinguished_name
x509_extensions = req_extensions

[ req_distinguished_name ]
countryName     = US
organizationName = XYZ
organizationalUnitName = XYZ Engineering Certification
Authority
stateOrProvinceName = KANSAS
localityName    = Wichita
commonName      = XYZ Engineering CA
emailAddress    = ---

[ req_extensions ]
basicConstraints = CA:true




        
                
__________________________________ 
Celebrate Yahoo!'s 10th Birthday! 
Yahoo! Netrospective: 100 Moments of the Web 
http://birthday.yahoo.com/netrospective/
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to