>Error 6713 General Error. New certificate would exceed CA-certificates lifetime..
Not fine. I guess this would be corrected by a (easy to implement ?) test that would shorten the requested certificate lifetime up to the NotAfter of the CA and print a warning instead ? (certificate life shortened). Since there is an error, there is already a test, anyway :-)
That's correct. There is a test in crypto-utils.lib. The short story is that you can manually shorten the certificate lifetime in OPENCADIR/openssl/openssl/*.conf (no typo).
The long story is that a certificate lifetime is defined by a policy specification. So the software has to issue a certificate for a standard lifetime. The software should never change a specified lifetime automatically because this can break the policy and/or any other automatic or manual lifetime procedures like automatic renewal or informal letters. So you can change the lifetime manually but the software will never do this by default - except you find a good reason to implement such a special case.
Michael -- ------------------------------------------------------------------- Michael Bell Email: [EMAIL PROTECTED] ZE Computer- und Medienservice Tel.: +49 (0)30-2093 2482 (Computing Centre) Fax: +49 (0)30-2093 2704 Humboldt-University of Berlin Unter den Linden 6 10099 Berlin Email (private): [EMAIL PROTECTED] Germany http://www.openca.org
------------------------------------------------------- This SF.net email is sponsored by: Perforce Software. Perforce is the Fast Software Configuration Management System offering advanced branching capabilities and atomic changes on 50+ platforms. Free Eval! http://www.perforce.com/perforce/loadprog.html _______________________________________________ Openca-Users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/openca-users
