RE: Default_crl_days

Mon, 06 May 2002 13:44:59 -0700 

Neff,
        
        Nope we have our own script that just uses the openssl tool.
Basically we do .\openssl req -config openssl.cfg -newkey
dsa:dsaparam.pem -x509 -nodes -out cacert.pem -keyout cakey.pem In our
openssl.cfg file the only thing near 30 days is the default_crl_days
which is why I thought it might have to do with that.

- 
Andrew T. Finnell
Active Solutions L.L.C
[EMAIL PROTECTED] 

> -----Original Message-----
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED]] On Behalf Of Neff Robert A
> Sent: Monday, May 06, 2002 3:54 PM
> To: '[EMAIL PROTECTED]'
> Subject: RE: Default_crl_days
> 
> 
> Andrew,
> If you are using the makess.bat file to generate your CA 
> cert, I would look at that and check for a param called -days 
> in the X509 command.  This also may show you why your certs 
> are expiring. Hope that helps, Rob
> 
> -----Original Message-----
> From: Andrew T. Finnell [mailto:[EMAIL PROTECTED]]
> Sent: Monday, May 06, 2002 3:37 PM
> To: 'OpenSSL User'
> Subject: Default_crl_days
> 
> 
> We are having a problem with our certificates becoming 
> invalid in 30 days for our custom application. I looked at 
> the openssl.cfg file we use when creating our self-CA and 
> certificate/key pairs and the only thing that stands out to 
> me is default_crl_days being set to 30 days. Could someone 
> tell me if this would explain the self-signed CA expiring? We 
> do not do any CRL checking so why would this effect anything? Thanks.
> 
> - 
> Andrew T. Finnell
> Active Solutions L.L.C
> [EMAIL PROTECTED] 
> 
> 
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    [EMAIL PROTECTED]
> Automated List Manager                           [EMAIL PROTECTED]
> *****************************************************************
> DISCLAIMER:   The information contained in this e-mail may be 
> confidential
> and is intended solely for the use of the named addressee.  
> Access, copying or re-use of the e-mail or any information 
> contained therein by any other person is not authorized.  If 
> you are not the intended recipient please
> notify us immediately by returning the e-mail to the originator.    
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    [EMAIL PROTECTED]
> Automated List Manager                           [EMAIL PROTECTED]
> 


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to