Categories:
Android (13)
Apple Mac (27)
DH Keys (39)
DSA Keys (70)
EC Keys (871)
Firefox (30)
General (10)
Google Chrome (25)
Intermediate CA (152)
Java VM (29)
JDK Keytool (28)
Microsoft CertUtil (29)
Microsoft Edge (9)
Mozilla CertUtil (21)
OpenSSL (236)
Other (7)
Portecle (38)
Publishers (3115)
Revoked Certificates (16)
Root CA (85)
RSA Keys (2509)
Tools (46)
Tutorial (1)
What Is (22)
Windows (127)
Collections:
Other Resources:
OpenSSL "req -x509 -days" - Longer Self-Signed Certificate
Can I sign my own CSR with a longer expiration date using the OpenSSL "req -x509" command? I want to use this certificate as an internal root CA for 10 years.
✍: FYIcenter.com
Yes, you can sign you own CSR (Certificate Sign Request) with a longer expiration date
using the OpenSSL "req -x509 -days" command as shown below.
Without the "-days" option, the resulting certificate is only valid for 30 days.
See the example below:
C:\Users\fyicenter>\local\openssl\openssl.exe OpenSSL> req -x509 -in rsa_test.csr -key rsa_test.key -out rsa_test.crt -days 3650 Enter pass phrase for rsa_test.key:fyicenter OpenSSL> x509 -in rsa_test.crt -dates -noout notBefore=Aug 21 13:26:41 2016 GMT notAfter=Aug 19 13:26:41 2026 GMT
⇒ OpenSSL "req -x509 -set_serial" - Certificate Serial Number
2016-11-11, 2751👍, 0💬
Popular Posts:
How can I use Microsoft "certutil -delstore" command? What are command options supported by "certuti...
Why I am getting the "variable lookup failed for ca::serial" error when running OpenSSL "ca" command...
How to view Java user-level trusted certificates using Java Control Panel? To view Java user-level t...
What is ASN.1 OBJECT IDENTIFIER field type? How to specify OBJECT IDENTIFIER field type in OpenSSL "...
Certificate summary - Owner: Dell Inc. Enterprise Issuing CA1, Dell Inc. Issuer: Dell Inc. Enterpris...