'RE: SSL Certificates.'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       security-basics
Subject:    RE: SSL Certificates.
From:       "Mark West" <markw () wwncorp ! net>
Date:       2002-05-30 15:46:14
[Download RAW message or body]

In 'req', add the 'days' argument, '-days 365' for a year, and '-days
30' for 30 days. In addition you do not need to 'genrsa' first, with the
'-newkey' argument 'req' will do it all in one step:

To create a certificate request:

req -config c:/certrequestconf.txt -newkey rsa:512 -days 365 -out
c:\certreq.txt

To create a self signed certificate:

req -config c:/certrequestconf.txt -newkey rsa:512 -days 365 -out
c:\cert.txt -x509

The above examples use a configuration file (c:/certrequestconf.txt )
with contents such as this:
-------------------------------------------------
[ req ]
default_bits		= 512
default_keyfile 		= c:/keyfile.pem
distinguished_name	= req_distinguished_name
attributes			= req_attributes
prompt			= no
output_password		= mypass

[ req_distinguished_name ]
C				= US
ST				= TX
L				= Dallas
O				= Zilog
OU				= MarkWest
CN				= 10.1.11.3
emailAddress		= markw@wwncorp.net

[ req_attributes ]
challengePassword	= A challenge password
-------------------------------------------------

- Mark West
- Quid quid Latine dictum sit, altum viditur
(Whatever is said in Latin sounds important). 
 

-----Original Message-----
From: Sumit Dhar [mailto:sumit.dhar@slmsoft.com] 
Sent: Thursday, May 30, 2002 3:31 AM
To: webappsec@securityfocus.com; security-basics@securityfocus.com
Subject: SSL Certificates.

Hello everyone,

I was trying to implement self signed SSL certificates on a server. 
The commands I used to generate the certificate are:

	openssl genrsa -out server.key 1024
	openssl req -new -key server.key -x509 -out server.crt	 

The whole thing works perfectly, but I have a small problem. The
certificate is valid for a very short period (around a month or so).
I would like the certificate to be valid for maybe around an year or so.


The man page gives no info as regards to how this can be done. Anyone
here have any idea how I can extend the validity period of this self
signed cert? 

With Regards,
Sumit Dhar              [http://dhar.homelinux.com/dhar/]
Manager                 [Research and Product Development]
SLMsoft.com

--
pub  1024D/12F93276 2002-05-23 Sumit Dhar <sumit.dhar@slmsoft.com>
Key fingerprint = EC26 546C 53D1 A549 6763  AB29 310C 6462 12F9 3276



[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic