Re: [Openvpn-users] Using easyrsa3 - how to set longer expiration than 10 years?

Fri, 06 Oct 2023 14:02:25 -0700 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256






Sent with Proton Mail secure email.

------- Original Message -------
On Friday, October 6th, 2023 at 21:17, Bo Berglund <bo.bergl...@gmail.com> 
wrote:


> In easyrsa2 one could enter a longer expiration than 3650 days by editing the
> vars file and changing these entries
> 
> export CA_EXPIRE=3650
> export KEY_EXPIRE=3650
> 
> to a different value like 7300 (20 years).
> 
> How is it done correctly using easyrsa3?
> 
> Like this?
>
> - rename vars.example to vars
> - Activate lines and values:
> set_var EASYRSA_CA_EXPIRE 7300
> set_var EASYRSA_CERT_EXPIRE 7200

That will also set standard certificate expiry to 7200 days.

For the CA only, you could use `easyrsa --days=7300 build-ca`

Option --days can be used by any command that require an expiration date.


> I have noted that these two have defaults of 3650 and 825 days respectively,
> what is the reason for that and will my suggested expirations above not work?

They apply to different certificates, as shown above.

Also documented in vars.example:

# In how many days should the root CA key expire?
#
#set_var EASYRSA_CA_EXPIRE      3650

# In how many days should certificates expire?
#
#set_var EASYRSA_CERT_EXPIRE    825


HTH
-- 


> 
> 
> --
> Bo Berglund
> Developer in Sweden
> 
> 
> 
> _______________________________________________
> Openvpn-users mailing list
> Openvpn-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/openvpn-users
-----BEGIN PGP SIGNATURE-----
Version: ProtonMail

wsBzBAEBCAAnBYJlIHUyCZBPl5z2a5C4nRYhBAm8PURno41yecVVVU+XnPZr
kLidAACG+Af/cynC8jDiQLyy4vOw3CcObPqMd2qUr2N+1EOPjVun4CpPYDSs
0qc6POP4cLOCBQgkXCpuoG+BCgkql+pqHkQOj1PheiulczZjn6u0QmePc+9O
fL5SpayRSjNZL8KIobg1wzYximXQL+yh9cY00lRGFIvOE6AZDrL6dMwKayAZ
+5pQ2vy6GD67uZDyNFyekInsAsnVPRyZPPbtDzo0Abfk0tDcaIB5Ppg5ds6u
L7K7qW7v+NaJTvrAGeRIoS6t3d7VBNNZu+dUoPgfKCBOCqecvVc/zw8kKKoh
DQvsktWZjbZ98zCsr0ZBpj6xDKHWjxBVWEh2BRIE7wRZcHfje6tJgQ==
=PxZy
-----END PGP SIGNATURE-----

Attachment: publickey - tincantech@protonmail.com - 0x09BC3D44.asc
Description: application/pgp-keys

Attachment: publickey - tincantech@protonmail.com - 0x09BC3D44.asc.sig
Description: PGP signature

_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users






















					Reply via email to