[ovs-dev] [PATCH] ovs-pki: Increase the validity period for all certificates.
Gurucharan Shetty
shettyg at nicira.com
Fri Feb 8 22:49:12 UTC 2013
This patch increases the certificate validity to 100 years
for certificate authorities, the certificates that they certify
and for self signed certificates.
Signed-off-by: Gurucharan Shetty <gshetty at nicira.com>
---
utilities/ovs-pki.in | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/utilities/ovs-pki.in b/utilities/ovs-pki.in
index 1f15410..a506375 100755
--- a/utilities/ovs-pki.in
+++ b/utilities/ovs-pki.in
@@ -272,7 +272,7 @@ certificate = $dir/cacert.pem # The CA cert
serial = $dir/serial # serial no file
private_key = $dir/private/cakey.pem# CA private key
RANDFILE = $dir/private/.rand # random number file
-default_days = 365 # how long to certify for
+default_days = 36525 # how long to certify for
default_crl_days= 30 # how long before next CRL
default_md = md5 # md to use
policy = policy # default policy
@@ -303,7 +303,7 @@ EOF
-newkey $newkey -keyout private/cakey.pem -out careq.pem \
1>&3 2>&3
openssl ca -config ca.cnf -create_serial -out cacert.pem \
- -days 2191 -batch -keyfile private/cakey.pem -selfsign \
+ -days 36525 -batch -keyfile private/cakey.pem -selfsign \
-infiles careq.pem 1>&3 2>&3
chmod 0700 private/cakey.pem
@@ -514,7 +514,7 @@ elif test "$command" = self-sign; then
# Create both the private key and certificate with restricted permissions.
(umask 077 && \
openssl x509 -in "$arg1-req.pem" -out "$arg1-cert.pem.tmp" \
- -signkey "$arg1-privkey.pem" -req -days 2191 -text) 2>&3 || exit $?
+ -signkey "$arg1-privkey.pem" -req -days 36525 -text) 2>&3 || exit $?
# Reset the permissions on the certificate to the user's default.
cat "$arg1-cert.pem.tmp" > "$arg1-cert.pem"
--
1.7.9.5
More information about the dev
mailing list