Collections:
Other Resources:
OpenSSL "req -x509 -days" - Longer Self-Signed Certificate
Can I sign my own CSR with a longer expiration date using the OpenSSL "req -x509" command? I want to use this certificate as an internal root CA for 10 years.
✍: FYIcenter.com
Yes, you can sign you own CSR (Certificate Sign Request) with a longer expiration date using the OpenSSL "req -x509 -days" command as shown below. Without the "-days" option, the resulting certificate is only valid for 30 days. See the example below:
C:\Users\fyicenter>\local\openssl\openssl.exe OpenSSL> req -x509 -in rsa_test.csr -key rsa_test.key -out rsa_test.crt -days 3650 Enter pass phrase for rsa_test.key:fyicenter OpenSSL> x509 -in rsa_test.crt -dates -noout notBefore=Aug 21 13:26:41 2016 GMT notAfter=Aug 19 13:26:41 2026 GMT
⇒ OpenSSL "req -x509 -set_serial" - Certificate Serial Number
2016-11-11, 4393🔥, 0💬
Popular Posts:
Certificate summary - Owner: *.4shared.com, Domain Control Validated Issuer: SERIALNUMBER=07969287, ...
Certificate Summary: Subject: Amazon RSA 2048 M01 Issuer: Amazon Root CA 1 Expiration: 2030-08-23 22...
Certificate summary - Owner: Entrust Certification Authority - L1K, "(c) 2012 Entrust, Inc. - for au...
Certificate summary - Owner: Go Daddy Root Certificate Authority - G2, "GoDaddy.com, Inc.", L=Scotts...
Certificate summary - Owner: blog.seesaa.jp, Domain Control Validated - QuickSSL(R) Premium, See www...