Archived
This forum has been archived. Please start a new discussion on GitHub.
Change expiration date in iceca certificates
Hi,
I'm creating some ssl certificates to use them in my Ice system; these certificates are created using the iceca python script provided with Ice 3.5. By default, these certificates are set with an expiration date of 5 years (from now). Is it possible to change this date?
Thank you!
I'm creating some ssl certificates to use them in my Ice system; these certificates are created using the iceca python script provided with Ice 3.5. By default, these certificates are set with an expiration date of 5 years (from now). Is it possible to change this date?
Thank you!
0
Comments
-
Hi Jose,
The certificate authority certificate expiration dated is hard-coded in the iceca script.cmd = opensslCmd + ' req -config "' + cacnfname + '" -x509 -days 1825 -newkey rsa:2048 -out "' + \ os.path.join(cadb, "ca_cert.pem") + '" -outform PEM'
For the certificates signed by the CA the sign.cnf configuration file use default_days parameter, that file is generated by iceca as part of Certificate Authority initialization, you can change the default in this file or edit it after it has been generated.default_days = 1825 # How long certs are valid.
Note that iceca isn't a replacement for OpenSSL ca, it just allows to quickly setting up a CA and certificates for Ice client/servers and IceGrid, some times when you need more control is just easy to directly use OpenSSL ca command.0
