[ovs-dev] [PATCH] ovs-pki: Extend validity of generated CA certificates from 3 to 6 years.
Ben Pfaff
blp at nicira.com
Wed Sep 16 21:09:36 UTC 2009
Dan requested this change to make it less likely that a user encounter a
CA certificate expiring.
For the "citrix" branch instead of "master" in case a customer upgrades
(without generating new CA certificates) away from the beta.
CC: Dan Wendlandt <dan at nicira.com>
---
utilities/ovs-pki.in | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/utilities/ovs-pki.in b/utilities/ovs-pki.in
index 22b5f2a..39d5782 100755
--- a/utilities/ovs-pki.in
+++ b/utilities/ovs-pki.in
@@ -271,7 +271,7 @@ EOF
-newkey $newkey -keyout private/cakey.pem -out careq.pem \
1>&3 2>&3
openssl ca -config ca.cnf -create_serial -out cacert.pem \
- -days 1095 -batch -keyfile private/cakey.pem -selfsign \
+ -days 2191 -batch -keyfile private/cakey.pem -selfsign \
-infiles careq.pem 1>&3 2>&3
chmod 0700 private/cakey.pem
--
1.6.3.3
More information about the dev
mailing list