ovs-pki: Extend validity of generated CA certificates from 3 to 6 years.
authorBen Pfaff <blp@nicira.com>
Wed, 16 Sep 2009 21:09:29 +0000 (14:09 -0700)
committerBen Pfaff <blp@nicira.com>
Wed, 16 Sep 2009 21:09:29 +0000 (14:09 -0700)
Dan requested this change to make it less likely that a user encounter a
CA certificate expiring.

For the "citrix" branch instead of "master" in case a customer upgrades
(without generating new CA certificates) away from the beta.

CC: Dan Wendlandt <dan@nicira.com>
utilities/ovs-pki.in

index 22b5f2a0c8a72c398becb39508921be0b581badd..39d5782e03c0174c57585805536c26f61eec5d26 100755 (executable)
@@ -271,7 +271,7 @@ EOF
             -newkey $newkey -keyout private/cakey.pem -out careq.pem \
             1>&3 2>&3
         openssl ca -config ca.cnf -create_serial -out cacert.pem \
-            -days 1095 -batch -keyfile private/cakey.pem -selfsign \
+            -days 2191 -batch -keyfile private/cakey.pem -selfsign \
             -infiles careq.pem 1>&3 2>&3
         chmod 0700 private/cakey.pem