OpenSSL "req -x509 -days" - Longer Self-Signed Certificate

Q

Can I sign my own CSR with a longer expiration date using the OpenSSL "req -x509" command? I want to use this certificate as an internal root CA for 10 years.

✍: FYIcenter.com

A

Yes, you can sign you own CSR (Certificate Sign Request) with a longer expiration date using the OpenSSL "req -x509 -days" command as shown below. Without the "-days" option, the resulting certificate is only valid for 30 days. See the example below:

C:\Users\fyicenter>\local\openssl\openssl.exe

OpenSSL> req -x509 -in rsa_test.csr -key rsa_test.key -out rsa_test.crt 
   -days 3650
Enter pass phrase for rsa_test.key:fyicenter

OpenSSL> x509 -in rsa_test.crt -dates -noout
notBefore=Aug 21 13:26:41 2016 GMT
notAfter=Aug 19 13:26:41 2026 GMT

⇒ OpenSSL "req -x509 -set_serial" - Certificate Serial Number

⇐ OpenSSL "req -x509" - Sign My Own CSR

⇑ OpenSSL "req" Command

⇑⇑ OpenSSL Tutorials

2016-11-11, 2751👍, 0💬

OpenSSL "req -config" - Using Configuration File
Can I use my own configuration file when running "req" command? Yes, you can specify your own configuration file using the "-config file" option when running the "req" command. OpenSSL configuration file allows you to control the behavior of the "req" command with the following options: utf8 - If se... 2016-11-03, 7662👍, 0💬

OpenSSL "req -x509 -md5" - MD5 Digest for Signing
Can I using MD5 digest algorithm when generating a self-signed certificate using the OpenSSL "req -x509" command? Yes, you can use MD5 digest algorithm when generating a self-signed certificate using the OpenSSL "req -x509 -md5" command Without the "-md5" option, the default SHA256 digest algorithm ... 2016-11-05, 3213👍, 0💬

OpenSSL "req -x509 -days" - Longer Self-Signed Certificate
Can I sign my own CSR with a longer expiration date using the OpenSSL "req -x509" command? I want to use this certificate as an internal root CA for 10 years. Yes, you can sign you own CSR (Certificate Sign Request) with a longer expiration date using the OpenSSL "req -x509 -days" command as shown b... 2016-11-11, 2752👍, 0💬

OpenSSL "req -x509 -newkey" - Generate Private Key and Certificate
How to generate a new private key with a public key and generate a self-signed certificate using a single OpenSSL "req" command? If you do not have a pair of private key and public key, and you want to generate self-signed certificate to represent your personal identity or server identity, you can u... 2016-11-15, 2160👍, 0💬

OpenSSL "verify" - Validate Self-Signed Certificate
How to validate a self-signed certificate using OpenSSL "verify" command? You can validate your self-signed certificate using the OpenSSL "verify" command as shown below: C:\Users\fyicenter>\loc al\openssl\openssl.exeOpenSSL> verify rsa_test.crt rsa_test.crt: C = us, ST = NY, L = New Y... 2016-11-15, 1810👍, 0💬

OpenSSL "x509 -text" - View Self-Signed Certificate in Text
How to print contents of a self-signed certificate in text format using OpenSSL "x509" command? If you want to see contents of a self-signed certificate in text format, you can use the OpenSSL "x509 -text" command as shown below: C:\Users\fyicenter>\loc al\openssl\openssl.exeOpenSSL> x... 2016-11-20, 1775👍, 0💬

OpenSSL Not Validate Signature in Self-Signed Certificate
Does OpenSSL "verify" command really validate the digital signature in a self-signed certificate? No, OpenSSL "verify" command does not validate the digital signature in a self-signed certificate. In the following test, a CSR with an RSA public key was "self-signed" by the OpenSSL "req -x509" comman... 2016-11-03, 1679👍, 0💬

OpenSSL "req -x509" - Sign CSR with Different Key
Can I sign my own CSR with a different private key using the OpenSSL "req -x509" command? Yes, you can sign you own CSR (Certificate Sign Request) with a different private key using the OpenSSL "req -x509" command as shown below. But the result is not a true self-signed certificate. The entity name ... 2016-11-05, 1561👍, 0💬

OpenSSL "req -x509" - Sign My Own CSR
Can I sign my own CSR with the OpenSSL "req -x509" command? Yes, you can sign you own CSR (Certificate Sign Request) with the OpenSSL "req -x509" command as shown below. The result is a self-signed certificate. See the example below: C:\Users\fyicenter>\loc al\openssl\openssl.exeOpenSSL&g... 2016-11-08, 1481👍, 0💬

All rights in the contents of this web site are reserved by the individual author. fyicenter.com does not guarantee the truthfulness, accuracy, or reliability of any contents.