Hi Sanjay,
The following is an extract from the documentation (http://www.openssl.org/docs/apps/req.html) for the "req" command:
......
-days n
when the -x509 option is being used this specifies the number of days to certify the certificate for. *The default is 30 days.*
......
So, if you don't specify the above options, the default will be 30 days.
The "default_days" value from the config file will be taken when you are not using the "-x509" option.
Sravan
Sanjay Acharya wrote:
Hi everyone. I am a newbie with regards to openssl. I would really appreciate it if anyone can help me with this. I am having a problem with creation of a root certificate in Linux. I have created my own configuration file "openssl.cnf" and am using that to create a root CA certificate. I am using the following command to generate the certificate,
openssl req -x509 -newkey rsa -out xyz_cert.pem -outform PEM -config openssl.cnf
The problem is that when I check the expiry date (Not after), it is set to 30 days from now although I have set the default_days to 365. Any clue why this is happening? Is it because I am using the "req" option? I am pasting my openssl.cnf below. The expiry date shows fine if I run the above command with the "-days = 365" option.
Thanks in advance,
Sanjay Acharya
Wichita State University
RANDFILE = $ENV::HOME/project/.rnd

[ ca ]
default_ca = my_ca_default

[ my_ca_default ]
dir = $ENV::HOME/project
certs = $dir/certs
crl_dir = $dir/crl
database = $dir/index.txt
new_certs_dir = $dir/newcerts

certificate = $dir/cacert.pem
serial = $dir/serial
crl = $dir/crl.pem
private_key = $dir/private/cakey.pem
RANDFILE = $dir/private/.rand

default_days = 365
default_crl_days = 1
default_md = sha1

x509_extensions = usr_cert
policy = my_policy

[ my_policy ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = supplied
commonName = supplied
emailAddress = supplied

[ usr_cert ]
basicConstraints=CA:false

[ req ]
default_bits = 2048
default_md = sha1
default_keyfile = privatekey.pem
prompt = no
distinguished_name = req_distinguished_name
x509_extensions = req_extensions

[ req_distinguished_name ]
countryName = US
organizationName = XYZ
organizationalUnitName = XYZ Engineering Certification Authority
stateOrProvinceName = KANSAS
localityName = Wichita
commonName = XYZ Engineering CA
emailAddress = ---

[ req_extensions ]
basicConstraints = CA:true
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
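
The behaviour discussed in this thread can be reproduced with the script below, which is an added example and not code from either poster. It assumes an `openssl` binary on the PATH; the cut-down config, the subject name, the file names, the unencrypted throwaway key (`-nodes`) and the use of sha256 instead of the thread's sha1 are all constructed for the test.

```shell
#!/bin/sh
# Added example: constructed config and file names, not the poster's files.
workdir=$(mktemp -d)

# Minimal config mirroring the thread: default_days sits in the CA section,
# which "openssl req -x509" does not consult for the certificate lifetime.
cat > "$workdir/openssl.cnf" <<'EOF'
[ ca ]
default_ca = my_ca_default

[ my_ca_default ]
default_days = 365

[ req ]
default_md = sha256
prompt = no
distinguished_name = req_distinguished_name
x509_extensions = req_extensions

[ req_distinguished_name ]
commonName = Example Test Root CA

[ req_extensions ]
basicConstraints = CA:true
EOF

# make_root CERT [extra req options]: self-signed root with a throwaway key.
make_root() {
    out=$1; shift
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$workdir/key.pem" \
        -out "$out" -outform PEM -config "$workdir/openssl.cnf" "$@" 2>/dev/null
}

# expires_between CERT LO HI: true if notAfter is more than LO and at most
# HI days away, using x509 -checkend (exit 0 = still valid after N seconds).
expires_between() {
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null &&
    ! openssl x509 -in "$1" -noout -checkend $(( $3 * 86400 )) >/dev/null
}

make_root "$workdir/default.pem"            # no -days: req's built-in default
make_root "$workdir/year.pem" -days 365     # explicit lifetime on the command line

for c in default year; do
    printf '%s: ' "$c"; openssl x509 -in "$workdir/$c.pem" -noout -enddate
done
```

A root CA that silently expires after a month breaks every chain issued under it, so checking `-enddate` (or `-checkend`) right after generation is a cheap safeguard.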