On to, 19 tammi 2017, Bret Wortman wrote:
It seems all our certs being signed by the FreeIPA CA are given 2 year
expirations. We'd like to increase that to 5 years. I've added "-v 60"
to our certutil commands generating the CSRs, but the CA is still only
issuing 24 month certs.
What do I need
I'm generating CSRs like this:
# certutil -R -d $DB -a -g 2048 -v 60 -s "CN=${HOST},O=DAMASCUSGRP.COM" -8
${SHORTHOST},${HOST}
Then pasting this into the web interface of our IPA instance under
"Actions->New Certificate" on the host's page. I then use Actions->View
Certificate and see that
It seems all our certs being signed by the FreeIPA CA are given 2 year
expirations. We'd like to increase that to 5 years. I've added "-v 60"
to our certutil commands generating the CSRs, but the CA is still only
issuing 24 month certs.
What do I need to change to issue certs with longer lifet