Hello. Thanks for the solution. Actually I phrased the
question wrong. I am sorry about that. Let me rephrase
my question. 

I actually tried to create the self signed certificate
without the x509 option using "req" as follows,

1) First generated the cert request,
> openssl req -newkey rsa:1024 -config openssl.cnf 
-out xyz_careq.pem

2) Then generated the certificate as follows,
openssl x509 -req -in xyz_careq.pem -extfile
openssl.cnf -extensions req_extensions -signkey
privatekey.pem -out xyz_cert.pem

3)When I see the expiry dates it shows as follows, 

openssl x509 -subject -issuer -dates -noout -in
xyz_cert.pem
subject= /C=US/O=XYZ/OU=XYZ Engineering Certification
Authority/ST=KANSAS/L=Wichita/CN=XYZ Engineering
CA/[EMAIL PROTECTED]
issuer= /C=US/O=XYZ/OU=XYZ Engineering Certification
Authority/ST=KANSAS/L=Wichita/CN=XYZ Engineering
CA/Email=-----
notBefore=Feb 28 14:21:54 2005 GMT
notAfter=Mar 30 14:21:54 2005 GMT


I have the default_days set as default_days    = 365
in my default_ca

What could be the problem? The certificate is
generated fine with the x509 option as mentioned in my
earlier mail. 


Thanks in advance,

Sanjay Acharya
Wichita State University, Kansas.

--- sravan <[EMAIL PROTECTED]> wrote:

> Hi Sanjay,
> 
> the following is an extract from the 
>
documentation(http://www.openssl.org/docs/apps/req.html)
> for the "req" 
> command :
> ......
> - days  *n
> * when the *-x509* option is being used this
> specifies the number of 
> days to certify the certificate for. *The default is
> 30 days.*
> ......
> 
> so, if u don't specify the above options, the
> default will be 30 days.
> the "default_days"  value from the config file will
> be taken when you 
> are not using the "-x509" option.
> 
> Sravan
> 
> Sanjay Acharya wrote:
> 
> >Hi everyone. I am a newbie with regards to openssl.
> I
> >would really appreciate if anyone can help me with
> >this. I am having a problem with creation of a root
> >certificate in linux. I have created my own
> >configuration file "openssl.cnf" and am using that
> to
> >create a root ca certificate. I am using the
> following
> >command to generate the certificate,
> >
> >  
> >
> >>openssl req -x509 -newkey rsa  -out xyz_cert.pem
> >>    
> >>
> >-outform PEM -config openssl.cnf
> >
> >The problem is that when I check the expiry date
> (Not
> >after), it is set to 30 days from now although I
> have
> >set the default_days to 365.  Any clue why this is
> >happening? Is it because I am using "req" option. I
> am
> >pasting my openssl.cnf below. The expiry date shows
> >fine if I run the above command with the "-days =
> 365"
> >option.
> >
> >Thanks in advance,
> >
> >Sanjay Acharya
> >Wichita State University
> >
> >RANDFILE        = $ENV::HOME/project/.rnd
> >
> >[ ca ]
> >
> >default_ca = my_ca_default
> >
> >[ my_ca_default ]
> >dir             = $ENV::HOME/project
> >certs           = $dir/certs
> >crl_dir         = $dir/crl
> >database        = $dir/index.txt
> >new_certs_dir   = $dir/newcerts
> >
> >certificate     = $dir/cacert.pem
> >serial          = $dir/serial
> >crl             = $dir/crl.pem
> >private_key     = $dir/private/cakey.pem
> >RANDFILE        = $dir/private/.rand
> >
> >default_days    = 365
> >default_crl_days = 1
> >default_md      = sha1
> >
> >x509_extensions = usr_cert
> >policy          = my_policy
> >
> >[ my_policy ]
> >countryName     = match
> >stateOrProvinceName = match
> >organizationName = match
> >organizationalUnitName = supplied
> >commonName      = supplied
> >emailAddress    = supplied
> >
> >[ usr_cert ]
> >basicConstraints=CA:false
> >
> >
> >[ req ]
> >default_bits    = 2048
> >default_md      = sha1
> >default_keyfile = privatekey.pem
> >prompt          = no
> >distinguished_name = req_distinguished_name
> >x509_extensions = req_extensions
> >
> >[ req_distinguished_name ]
> >countryName     = US
> >organizationName = XYZ
> >organizationalUnitName = XYZ Engineering
> Certification
> >Authority
> >stateOrProvinceName = KANSAS
> >localityName    = Wichita
> >commonName      = XYZ Engineering CA
> >emailAddress    = ---
> >
> >[ req_extensions ]
> >basicConstraints = CA:true
> >
> >  
> >
> 
> 
>
______________________________________________________________________
> OpenSSL Project                                
> http://www.openssl.org
> User Support Mailing List                   
> openssl-users@openssl.org
> Automated List Manager                          
> [EMAIL PROTECTED]
> 



                
__________________________________ 
Do you Yahoo!? 
Yahoo! Mail - 250MB free storage. Do more. Manage less. 
http://info.mail.yahoo.com/mail_250
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to