Looking at my bat files, yes, I say –days 3650 on an openssl x509 –req
Charles From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Charles Mills Sent: Tuesday, September 18, 2012 8:08 PM To: openssl-users@openssl.org; openssl-users@openssl.org Subject: Re: Digital certificate with more than 1 year validity I do it all the time. -days 3650 as I recall. -- Sent from my mobile phone. Please excuse my brevity. Charles Wim Lewis <w...@omnigroup.com> wrote: On 17 Sep 2012, at 9:13 PM, Santhosh AP wrote: > Kindly help us to create digital certificate having more than 365 day’s > validity. At present we are using OpenSSL 0.9.7a Feb 19 2003 version. Kindly > confirm is it possible to cross the certificate validity more than 1 year, if > it’s possible how to do it. I don't think there is anything preventing you from specifying a longer validity period, either on the command line to the 'ca' command or in the relevant ca section of the config file. (Some documentation says to specify it when creating the CSR, but this is wrong: the CSR does not carry that information as far as I know. The validity period is chosen by the CA when it creates the certificate.)