Re: [Openca-Users] Certificate Expiration in Batch Interface

Mon, 09 Jan 2006 01:43:17 -0800 

Oliver Welter wrote:


Hi Michael,


You are refering to the database table "request", right? Finally got it.
Sooo...noo, there is no field "cert_notafter" or the like in the request
table of my mysql database. The DB-logfile shows me, that the request header which was stored actually contains the CERT_NOTAFTER field with the intended value. Is a field "certn_notafter" in the request table necessary? 


The table request, field data must contain something like this:
-----BEGIN HEADER-----
TYPE = PKCS#10
RA = BATCH SYSTEM
SERIAL = 640
NOTBEFORE = Wed Aug 10 15:12:42 2005 UTC

CERT_NOTAFTER = 061001000000 <<<<<<<<<<<<<<<<<<<<<<<THIS MuST BE HERE

PIN = 1dbe2d8f933bb402427518c569b76436b402056b
SUBJECT = CN=Thomas Tester,OU=Student,OU=myTUM CA,O=Technische Universitaet Muenchen,C=DE 
SUBJECT_ALT_NAME = email:[EMAIL PROTECTED]
LOA = 40
-----END HEADER-----
If there is no "CERT_NOTAFTER" field, the validity interval is set by the openssl config when issuing. So you can of course change this in the openssl.config but it will affect all certificates of this role. 

Oliver


Hil Oliver!

[My postings arrived out of order, so dont let yourself be confused! :)]

Well..the database table does contain the header (of course) but the header
does NOT contain the CERT_NOTAFTER field...

But what does this tell me? Aparently things go wrong while the request
is being prepared....*think*

Regards
Michael


--
accom GmbH & Co. KG
GrĂ¼ner Weg 100
52070 Aachen

Tel: +49 241 918 5228
Fax: +49 241 918 5299


-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_idv37&alloc_id865&op=click
_______________________________________________
Openca-Users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openca-users

Reply via email to