Home Help Center

Change expiration date in iceca certificates

jmsanchezjmsanchez Member Jose Manuel Sanchez Matamoros PerezOrganization: ZennioProject: home automation system remote controller

I'm creating some ssl certificates to use them in my Ice system; these certificates are created using the iceca python script provided with Ice 3.5. By default, these certificates are set with an expiration date of 5 years (from now). Is it possible to change this date?

Thank you!


  • xdmxdm La Coruña, SpainAdministrators, ZeroC Staff Jose Gutierrez de la ConchaOrganization: ZeroC, Inc.Project: Ice Developer ZeroC Staff
    Hi Jose,

    The certificate authority certificate expiration dated is hard-coded in the iceca script.
    cmd = opensslCmd + ' req -config "' + cacnfname + '" -x509 -days 1825 -newkey rsa:2048 -out "' + \
                os.path.join(cadb, "ca_cert.pem") + '" -outform PEM'

    For the certificates signed by the CA the sign.cnf configuration file use default_days parameter, that file is generated by iceca as part of Certificate Authority initialization, you can change the default in this file or edit it after it has been generated.
    default_days     = 1825                     # How long certs are valid.

    Note that iceca isn't a replacement for OpenSSL ca, it just allows to quickly setting up a CA and certificates for Ice client/servers and IceGrid, some times when you need more control is just easy to directly use OpenSSL ca command.
Sign In or Register to comment.