Hello. Thanks for the solution. Actually I phrased the question wrong. I am sorry about that. Let me rephrase my question.
I actually tried to create the self signed certificate without the x509 option using "req" as follows, 1) First generated the cert request, > openssl req -newkey rsa:1024 -config openssl.cnf -out xyz_careq.pem 2) Then generated the certificate as follows, openssl x509 -req -in xyz_careq.pem -extfile openssl.cnf -extensions req_extensions -signkey privatekey.pem -out xyz_cert.pem 3)When I see the expiry dates it shows as follows, openssl x509 -subject -issuer -dates -noout -in xyz_cert.pem subject= /C=US/O=XYZ/OU=XYZ Engineering Certification Authority/ST=KANSAS/L=Wichita/CN=XYZ Engineering CA/[EMAIL PROTECTED] issuer= /C=US/O=XYZ/OU=XYZ Engineering Certification Authority/ST=KANSAS/L=Wichita/CN=XYZ Engineering CA/Email=----- notBefore=Feb 28 14:21:54 2005 GMT notAfter=Mar 30 14:21:54 2005 GMT I have the default_days set as default_days = 365 in my default_ca What could be the problem? The certificate is generated fine with the x509 option as mentioned in my earlier mail. Thanks in advance, Sanjay Acharya Wichita State University, Kansas. --- sravan <[EMAIL PROTECTED]> wrote: > Hi Sanjay, > > the following is an extract from the > documentation(http://www.openssl.org/docs/apps/req.html) > for the "req" > command : > ...... > - days *n > * when the *-x509* option is being used this > specifies the number of > days to certify the certificate for. *The default is > 30 days.* > ...... > > so, if u don't specify the above options, the > default will be 30 days. > the "default_days" value from the config file will > be taken when you > are not using the "-x509" option. > > Sravan > > Sanjay Acharya wrote: > > >Hi everyone. I am a newbie with regards to openssl. > I > >would really appreciate if anyone can help me with > >this. I am having a problem with creation of a root > >certificate in linux. I have created my own > >configuration file "openssl.cnf" and am using that > to > >create a root ca certificate. I am using the > following > >command to generate the certificate, > > > > > > > >>openssl req -x509 -newkey rsa -out xyz_cert.pem > >> > >> > >-outform PEM -config openssl.cnf > > > >The problem is that when I check the expiry date > (Not > >after), it is set to 30 days from now although I > have > >set the default_days to 365. Any clue why this is > >happening? Is it because I am using "req" option. I > am > >pasting my openssl.cnf below. The expiry date shows > >fine if I run the above command with the "-days = > 365" > >option. > > > >Thanks in advance, > > > >Sanjay Acharya > >Wichita State University > > > >RANDFILE = $ENV::HOME/project/.rnd > > > >[ ca ] > > > >default_ca = my_ca_default > > > >[ my_ca_default ] > >dir = $ENV::HOME/project > >certs = $dir/certs > >crl_dir = $dir/crl > >database = $dir/index.txt > >new_certs_dir = $dir/newcerts > > > >certificate = $dir/cacert.pem > >serial = $dir/serial > >crl = $dir/crl.pem > >private_key = $dir/private/cakey.pem > >RANDFILE = $dir/private/.rand > > > >default_days = 365 > >default_crl_days = 1 > >default_md = sha1 > > > >x509_extensions = usr_cert > >policy = my_policy > > > >[ my_policy ] > >countryName = match > >stateOrProvinceName = match > >organizationName = match > >organizationalUnitName = supplied > >commonName = supplied > >emailAddress = supplied > > > >[ usr_cert ] > >basicConstraints=CA:false > > > > > >[ req ] > >default_bits = 2048 > >default_md = sha1 > >default_keyfile = privatekey.pem > >prompt = no > >distinguished_name = req_distinguished_name > >x509_extensions = req_extensions > > > >[ req_distinguished_name ] > >countryName = US > >organizationName = XYZ > >organizationalUnitName = XYZ Engineering > Certification > >Authority > >stateOrProvinceName = KANSAS > >localityName = Wichita > >commonName = XYZ Engineering CA > >emailAddress = --- > > > >[ req_extensions ] > >basicConstraints = CA:true > > > > > > > > > ______________________________________________________________________ > OpenSSL Project > http://www.openssl.org > User Support Mailing List > openssl-users@openssl.org > Automated List Manager > [EMAIL PROTECTED] > __________________________________ Do you Yahoo!? Yahoo! Mail - 250MB free storage. Do more. Manage less. http://info.mail.yahoo.com/mail_250 ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
