Hi Sanjay,

the following is an extract from the documentation(http://www.openssl.org/docs/apps/req.html) for the "req" command :
- days *n
* when the *-x509* option is being used this specifies the number of days to certify the certificate for. *The default is 30 days.*

so, if u don't specify the above options, the default will be 30 days.
the "default_days" value from the config file will be taken when you are not using the "-x509" option.


Sanjay Acharya wrote:

Hi everyone. I am a newbie with regards to openssl. I
would really appreciate if anyone can help me with
this. I am having a problem with creation of a root
certificate in linux. I have created my own
configuration file "openssl.cnf" and am using that to
create a root ca certificate. I am using the following
command to generate the certificate,

openssl req -x509 -newkey rsa -out xyz_cert.pem

-outform PEM -config openssl.cnf

The problem is that when I check the expiry date (Not
after), it is set to 30 days from now although I have
set the default_days to 365.  Any clue why this is
happening? Is it because I am using "req" option. I am
pasting my openssl.cnf below. The expiry date shows
fine if I run the above command with the "-days = 365"

Thanks in advance,

Sanjay Acharya
Wichita State University

RANDFILE        = $ENV::HOME/project/.rnd

[ ca ]

default_ca = my_ca_default

[ my_ca_default ]
dir             = $ENV::HOME/project
certs           = $dir/certs
crl_dir         = $dir/crl
database        = $dir/index.txt
new_certs_dir   = $dir/newcerts

certificate     = $dir/cacert.pem
serial          = $dir/serial
crl             = $dir/crl.pem
private_key     = $dir/private/cakey.pem
RANDFILE        = $dir/private/.rand

default_days    = 365
default_crl_days = 1
default_md      = sha1

x509_extensions = usr_cert
policy          = my_policy

[ my_policy ]
countryName     = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = supplied
commonName      = supplied
emailAddress    = supplied

[ usr_cert ]

[ req ] default_bits = 2048 default_md = sha1 default_keyfile = privatekey.pem prompt = no distinguished_name = req_distinguished_name x509_extensions = req_extensions

[ req_distinguished_name ]
countryName     = US
organizationName = XYZ
organizationalUnitName = XYZ Engineering Certification
stateOrProvinceName = KANSAS
localityName    = Wichita
commonName      = XYZ Engineering CA
emailAddress    = ---

[ req_extensions ]
basicConstraints = CA:true

OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to