Re: default_days problem

2005-02-28 Thread sravan
Hi Sanjay,
the following is an extract from the documentation
(http://www.openssl.org/docs/apps/req.html) for the req command:
..
*-days* *n*
when the *-x509* option is being used this specifies the number of
days to certify the certificate for. *The default is 30 days.*
..

so, if you don't specify the above options, the default will be 30 days.
the default_days value from the config file will be taken when you
are not using the -x509 option.

Sravan
Sanjay Acharya wrote:
Hi everyone. I am a newbie with regards to openssl. I
would really appreciate if anyone can help me with
this. I am having a problem with creation of a root
certificate in linux. I have created my own
configuration file openssl.cnf and am using that to
create a root ca certificate. I am using the following
command to generate the certificate,
 

openssl req -x509 -newkey rsa -out xyz_cert.pem -outform PEM -config openssl.cnf

The problem is that when I check the expiry date (Not
after), it is set to 30 days from now although I have
set the default_days to 365.  Any clue why this is
happening? Is it because I am using req option. I am
pasting my openssl.cnf below. The expiry date shows
fine if I run the above command with the -days = 365
option.
Thanks in advance,
Sanjay Acharya
Wichita State University

RANDFILE = $ENV::HOME/project/.rnd

[ ca ]
default_ca = my_ca_default

[ my_ca_default ]
dir = $ENV::HOME/project
certs = $dir/certs
crl_dir = $dir/crl
database = $dir/index.txt
new_certs_dir = $dir/newcerts
certificate = $dir/cacert.pem
serial = $dir/serial
crl = $dir/crl.pem
private_key = $dir/private/cakey.pem
RANDFILE = $dir/private/.rand
default_days = 365
default_crl_days = 1
default_md = sha1
x509_extensions = usr_cert
policy = my_policy

[ my_policy ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = supplied
commonName = supplied
emailAddress = supplied

[ usr_cert ]
basicConstraints = CA:false

[ req ]
default_bits = 2048
default_md = sha1
default_keyfile = privatekey.pem
prompt = no
distinguished_name = req_distinguished_name
x509_extensions = req_extensions

[ req_distinguished_name ]
countryName = US
organizationName = XYZ
organizationalUnitName = XYZ Engineering Certification Authority
stateOrProvinceName = KANSAS
localityName = Wichita
commonName = XYZ Engineering CA
emailAddress = ---

[ req_extensions ]
basicConstraints = CA:true
 


__
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]


Re: default_days problem

2005-02-28 Thread Sanjay Acharya
Hello. Thanks for the solution. Actually I phrased the
question wrong. I am sorry about that. Let me rephrase
my question. 

I actually tried to create the self signed certificate
without the x509 option using req as follows,

1) First generated the cert request,
openssl req -newkey rsa:1024 -config openssl.cnf -out xyz_careq.pem

2) Then generated the certificate as follows,
openssl x509 -req -in xyz_careq.pem -extfile openssl.cnf -extensions req_extensions -signkey privatekey.pem -out xyz_cert.pem

3) When I see the expiry dates it shows as follows,

openssl x509 -subject -issuer -dates -noout -in xyz_cert.pem
subject= /C=US/O=XYZ/OU=XYZ Engineering Certification Authority/ST=KANSAS/L=Wichita/CN=XYZ Engineering CA/[EMAIL PROTECTED]
issuer= /C=US/O=XYZ/OU=XYZ Engineering Certification Authority/ST=KANSAS/L=Wichita/CN=XYZ Engineering CA/Email=-
notBefore=Feb 28 14:21:54 2005 GMT
notAfter=Mar 30 14:21:54 2005 GMT


I have the default_days set as default_days= 365
in my default_ca

What could be the problem? The certificate is
generated fine with the x509 option as mentioned in my
earlier mail. 


Thanks in advance,

Sanjay Acharya
Wichita State University, Kansas.
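
The behaviour discussed in this thread, as an added example that is not part of the original posts: the script issues self-signed certificates with `req -x509` and with `x509 -req`, each without and with `-days 365`, and uses `-checkend` to report the lifetime that was actually written. The cut-down config, the subject name and all file names are constructed for the example; it assumes that `default_days` in the CA section is read only by `openssl ca` and that `x509 -req` takes its own `-days` option.

```shell
#!/usr/bin/env bash
# Added example, not from the thread. All file names are constructed.
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Cut-down config: default_days lives in the CA section, as in the thread.
cat > "$WORK/openssl.cnf" <<'EOF'
[ ca ]
default_ca = my_ca_default
[ my_ca_default ]
default_days = 365
[ req ]
prompt = no
distinguished_name = req_distinguished_name
x509_extensions = req_extensions
[ req_distinguished_name ]
commonName = Example Test CA
[ req_extensions ]
basicConstraints = CA:true
EOF

# Succeeds if certificate $1 is valid for about $2 days:
# not expired after ($2 - 1) days, expired after ($2 + 1) days.
lifetime_is() {
    openssl x509 -in "$1" -noout -checkend $(( ($2 - 1) * 86400 )) >/dev/null &&
    ! openssl x509 -in "$1" -noout -checkend $(( ($2 + 1) * 86400 )) >/dev/null
}

cd "$WORK"
openssl genrsa -out key.pem 2048 2>/dev/null

# One-step self-signed certificate, without and with -days
openssl req -x509 -new -key key.pem -config openssl.cnf -out req_default.pem
openssl req -x509 -new -key key.pem -config openssl.cnf -days 365 -out req_days.pem

# Two-step: request, then self-sign with x509 -req, without and with -days
openssl req -new -key key.pem -config openssl.cnf -out careq.pem
openssl x509 -req -in careq.pem -signkey key.pem -out x509_default.pem 2>/dev/null
openssl x509 -req -in careq.pem -signkey key.pem -days 365 \
    -extfile openssl.cnf -extensions req_extensions -out x509_days.pem 2>/dev/null

# Report which lifetime each certificate ended up with
for cert in req_default req_days x509_default x509_days; do
    for days in 30 365; do
        if lifetime_is "$cert.pem" "$days"; then echo "$cert.pem: $days days"; fi
    done
done
```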
