setting certificate expiry to more than 30 days

2005-03-02 Thread Sanjay Acharya 
Hello. I am posting this message again. Can someone
help me over this. I am trying to create certificate
using req command as follows,

1) First generated the cert request,
 openssl req -newkey rsa:1024 -config openssl.cnf 
-out xyz_careq.pem

2) Then generated the certificate as follows,
openssl x509 -req -in xyz_careq.pem -extfile
openssl.cnf -extensions req_extensions -signkey
privatekey.pem -out xyz_cert.pem

3)When I see the expiry dates it shows as follows, 

openssl x509 -subject -issuer -dates -noout -in
xyz_cert.pem
subject= /C=US/O=XYZ/OU=XYZ Engineering Certification
Authority/ST=KANSAS/L=Wichita/CN=XYZ Engineering
CA/[EMAIL PROTECTED]
issuer= /C=US/O=XYZ/OU=XYZ Engineering Certification
Authority/ST=KANSAS/L=Wichita/CN=XYZ Engineering
CA/Email=-
notBefore=Feb 28 14:21:54 2005 GMT
notAfter=Mar 30 14:21:54 2005 GMT
 

Why is this happening? The certificate is
generated fine with the x509 and -days 365 option. Can
someone help me on this.

Sanjay Acharya
Wichita State University



---THE openssl.cnf FILE---

RANDFILE= $ENV::HOME/project/.rnd

[ ca ]

default_ca = my_ca_default

[ my_ca_default ]
dir = $ENV::HOME/project
certs   = $dir/certs
crl_dir = $dir/crl
database= $dir/index.txt
new_certs_dir   = $dir/newcerts

certificate = $dir/cacert.pem
serial  = $dir/serial
crl = $dir/crl.pem
private_key = $dir/private/cakey.pem
RANDFILE= $dir/private/.rand

default_days= 365
default_crl_days = 1
default_md  = sha1

x509_extensions = usr_cert
policy  = my_policy

[ my_policy ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = supplied
commonName  = supplied
emailAddress= supplied

[ usr_cert ]
basicConstraints=CA:false


[ req ]
default_bits= 2048
default_md  = sha1
default_keyfile = privatekey.pem
prompt  = no
distinguished_name = req_distinguished_name
x509_extensions = req_extensions

[ req_distinguished_name ]
countryName = US
organizationName = XYZ
organizationalUnitName = XYZ Engineering Certification
Authority
stateOrProvinceName = KANSAS
localityName= Wichita
commonName  = XYZ Engineering CA
emailAddress= ---

[ req_extensions ]
basicConstraints = CA:true






__ 
Celebrate Yahoo!'s 10th Birthday! 
Yahoo! Netrospective: 100 Moments of the Web 
http://birthday.yahoo.com/netrospective/
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]

Re: setting certificate expiry to more than 30 days

2005-03-02 Thread Bernhard Froehlich 
Sanjay Acharya wrote:
Hello. I am posting this message again. Can someone
help me over this. I am trying to create certificate
using req command as follows,
 

See http://www.openssl.org/docs/apps/req.html
Use -days option.
Ted
;)
--
PGP Public Key Information
Download complete Key from http://www.convey.de/ted/tedkey_convey.asc
Key fingerprint = 31B0 E029 BCF9 6605 DAC1  B2E1 0CC8 70F4 7AFB 8D26


smime.p7s
Description: S/MIME Cryptographic Signature

Re: setting certificate expiry to more than 30 days

2005-03-02 Thread Sanjay Acharya 
But Ted, if I have to use -days option then why do we
need to specify default_days name-value pairs in the
openssl.cnf? :(

Sanjay Acharya
Wichita State University




--- Bernhard Froehlich [EMAIL PROTECTED] wrote:

 Sanjay Acharya wrote:
 
 Hello. I am posting this message again. Can someone
 help me over this. I am trying to create
 certificate
 using req command as follows,
   
 
 See http://www.openssl.org/docs/apps/req.html
 Use -days option.
 
 Ted
 ;)
 
 -- 
 PGP Public Key Information
 Download complete Key from
 http://www.convey.de/ted/tedkey_convey.asc
 Key fingerprint = 31B0 E029 BCF9 6605 DAC1  B2E1
 0CC8 70F4 7AFB 8D26
 
 

 ATTACHMENT part 2 application/x-pkcs7-signature
name=smime.p7s



__
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]

Re: setting certificate expiry to more than 30 days

2005-03-02 Thread Bernhard Froehlich 
Sanjay Acharya wrote:
But Ted, if I have to use -days option then why do we
need to specify default_days name-value pairs in the
openssl.cnf? :(
Sanjay Acharya
Wichita State University
 

Hmm, default_days is in the CA-section of the config. So I think it 
applies to the CA-command only. It would be worth a try to enter a 
default_days in the req section, but since it's not documented I'd doubt 
that it will work.

Hope it helps,
Ted
;)


smime.p7s
Description: S/MIME Cryptographic Signature