Categories:
Android (13)
Apple Mac (27)
DH Keys (39)
DSA Keys (71)
EC Keys (1854)
Firefox (30)
General (10)
Google Chrome (25)
Intermediate CA (152)
Java VM (29)
JDK Keytool (28)
Microsoft CertUtil (29)
Microsoft Edge (9)
Mozilla CertUtil (21)
OpenSSL (236)
Other (7)
Portecle (38)
Publishers (5378)
Revoked Certificates (16)
Root CA (85)
RSA Keys (4391)
Tools (46)
Tutorial (1)
What Is (22)
Windows (127)
Collections:
Other Resources:
OpenSSL "req -x509 -days" - Longer Self-Signed Certificate
Can I sign my own CSR with a longer expiration date using the OpenSSL "req -x509" command? I want to use this certificate as an internal root CA for 10 years.
✍: FYIcenter.com
Yes, you can sign you own CSR (Certificate Sign Request) with a longer expiration date
using the OpenSSL "req -x509 -days" command as shown below.
Without the "-days" option, the resulting certificate is only valid for 30 days.
See the example below:
C:\Users\fyicenter>\local\openssl\openssl.exe OpenSSL> req -x509 -in rsa_test.csr -key rsa_test.key -out rsa_test.crt -days 3650 Enter pass phrase for rsa_test.key:fyicenter OpenSSL> x509 -in rsa_test.crt -dates -noout notBefore=Aug 21 13:26:41 2016 GMT notAfter=Aug 19 13:26:41 2026 GMT
⇒ OpenSSL "req -x509 -set_serial" - Certificate Serial Number
2016-11-11, 3635👍, 0💬
Popular Posts:
Software signing is being used by a growing number of software publishers and application developers...
Where to find tutorials on using OpenSSL "ca" command? Here is a collection of tutorials on using Op...
Certificate summary - Owner: pages.ebay.com, Site Operations, "eBay, Inc.", L=San Jose, ST=Californi...
What is the structure of certificates? What types of values are recorded in a certificate? The struc...
Certificate Summary: Subject Common Name (CN): Go Daddy Root Certificate Authority - G2 Issuer Commo...