Jean-Marc Desperrier wrote:
>
> Xeno Campanoli wrote:
> >> I want to explicitly set the Not Before and Not After dates on my self
> >> signed certificate, for testing purposes. My only example for making
> >> the self signed certificate with the OpenSSL applications, however, is
> >> with the openssl req facility, which only allows you to specify days,
> >> from what I can tell. Does anyone out there know a method for making
> >> such an explicitly dated self signed certificate? Please do tell.
>
> I know one.
> Generate a self signed certificate with -req.
I've only generated self signed certificates with openssl req -x509. I
can't seem to find the combination that you might mean with openssl
x509. When I generate a self signed certificate with openssl req -x509
and then try to use it as a request, I get:
Error reading certificate request in {filespec} when I try to re-sign
it.
I may be leaving something out. Can you give me some examples? My
config files are okay I think, as I generate them dynamically for the
circumstance, and they are working elsewhere.
>
> then use openssl ca by telling it to use for the ca certificate the
> self-signed certificate you generated ( -cert ss.pem ) and for the request
> the same self-signed certificate (-ss_cert ss.pem).
>
> This gives you access to the options -startdate -enddate in the call to
> openssl ca to set the start/end date of the certificate.
> You will have to play with openssl.cnf to set the correct parameters for this
> micro CA to work.
>
> > Xeno Campanoli wrote:
> > By the way, I just tried setting -days 0 for opensslreq to try and get a
> > certificate with no valid duration, and this gives a default of 30
> > days. Didn't anybody think of test data when they wrote this stuff?
>
> So what ? For openssl setting 0 is equivalent to not setting this option, and
> you will get the default value instead.
>
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
--
===: [EMAIL PROTECTED] :========================================
Collecting pledges for the Courage Classic Bicycle ride. It funds two
children's charities: www.courageclassic.com. I have 29 contributers
so far, for $465.75 ($399.75 from Aventail folks), presuming I finish.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
