Commit 6305e238 authored by Leigh Stoller's avatar Leigh Stoller

Fixes to make sure the certificates are really good for three years.

So, the length of time is set in the .cnf file when signing a cert
with the CA. However, the length of time the CA is good for is not set
in the .cnf file (the entry is ignored). Rather, it has to be on the
command line. So, the certs really were good for 3 years; it was the
CA that had expired, and once that happens the certs are no longer any
good. Very bogus.
parent 7cc90261
......@@ -26,7 +26,7 @@ emulab.pem: dirsmade emulab.cnf
# Create the Certificate Authority.
# The certificate (no key!) is installed on both boss and remote nodes.
#
openssl req -new -x509 -config emulab.cnf \
openssl req -new -x509 -days 1000 -config emulab.cnf \
-keyout cakey.pem -out cacert.pem
cp cacert.pem emulab.pem
......
......@@ -33,7 +33,7 @@ x509_extensions = usr_cert # The extentions to add to the cert
# crl_extensions = crl_ext
default_days = 1000 # how long to certify for
default_crl_days= 30 # how long before next CRL
default_crl_days= 1000 # how long before next CRL
default_md = md5 # which md to use.
preserve = no # keep passed DN ordering
......
......@@ -2,6 +2,7 @@
prompt = no
default_bits = 1024
default_keyfile = privkey.pem
default_days = 1000
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca # The extentions to add to the self signed cert
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment