[ovs-dev] [PATCH] ovs-pki: Extend validity of generated CA certificates from 3 to 6 years.

Jesse Gross jesse at nicira.com
Wed Sep 16 21:33:55 UTC 2009


6 years and a day?  Is that extra day supposed to be there?  I'm not 
sure it makes that much of a difference...

Otherwise looks fine.

Ben Pfaff wrote:
> Dan requested this change to make it less likely that a user encounter a
> CA certificate expiring.
>
> For the "citrix" branch instead of "master" in case a customer upgrades
> (without generating new CA certificates) away from the beta.
>
> CC: Dan Wendlandt <dan at nicira.com>
> ---
>  utilities/ovs-pki.in |    2 +-
>  1 files changed, 1 insertions(+), 1 deletions(-)
>
> diff --git a/utilities/ovs-pki.in b/utilities/ovs-pki.in
> index 22b5f2a..39d5782 100755
> --- a/utilities/ovs-pki.in
> +++ b/utilities/ovs-pki.in
> @@ -271,7 +271,7 @@ EOF
>              -newkey $newkey -keyout private/cakey.pem -out careq.pem \
>              1>&3 2>&3
>          openssl ca -config ca.cnf -create_serial -out cacert.pem \
> -            -days 1095 -batch -keyfile private/cakey.pem -selfsign \
> +            -days 2191 -batch -keyfile private/cakey.pem -selfsign \
>              -infiles careq.pem 1>&3 2>&3
>          chmod 0700 private/cakey.pem
>  
>   




More information about the dev mailing list