[Pki-users] change Root CA's Validity

Erwin Himawan ehimawan at gmail.com
Fri Feb 12 16:09:23 UTC 2010 

Dave,

It is a good and useful script.  Where should the script be run?  After
creating pki-ca instance and prior to configuring the pki-ca instance?

Thanks,
Erwin

On Fri, Feb 12, 2010 at 6:06 AM, David (Dave) Donnan <
david.donnan at thalesgroup.com> wrote:

>  Fu-Jyh Luo hello. This might be overkill but you're welcome to it.
>
> I think the default cert expiry period with CMS is 2 years – way too short.
> This script enables 7300 days = 20 years, rather.
>
>
>
> #!/bin/bash
>
> #
>
> # COMPONENT_NAME: ca-delta-range.sh
>
> #
>
> # HISTORY: Version 1.0 2008/10    Dave (David) Donnan
>
> #
>
>
>
> cd /var/lib/pki-ca/profiles/ca
>
> for file in *.cfg; do
>
> echo $file
>
> cp -p $file $file.pre7300
>
> sed 's/range=[0-9]*/range=7300/' $file.pre7300 > $file
>
> chmod 755 $file
>
> chown pkiuser:pkiuser $file
>
> done
>
>
>
> cd /var/lib/pki-ca/conf
>
> for file in *.profile; do
>
> echo $file
>
> cp -p $file $file.pre7300
>
> sed 's/range=[0-9]*/range=7300/' $file.pre7300 > $file
>
> chmod 755 $file
>
> chown pkiuser:pkiuser $file
>
> done
>
> # end
>
>
>
>
>
> Similarly, I wrote kra-dra-delta-range.sh to be used later:
>
>
>
> #!/bin/bash
>
> #
>
> # COMPONENT_NAME: kra-dra-delta-range.sh
>
> #
>
> # HISTORY: Version 1.0 2008/10    Dave (David) Donnan Original
>
> #
>
> #
>
>
>
> cd /var/lib/pki-kra/conf
>
> for file in *.profile; do
>
> echo $file
>
> cp -p $file $file.pre7300
>
> sed 's/range=[0-9]*/range=7300/' $file.pre7300 > $file
>
> chmod 755 $file
>
> chown pkiuser:pkiuser $file
>
> done
>
> # end
> Fu-Jyh Luo wrote:
>
> Dear All,
>
> I installed DogTag.  The default validity of ROOT CA is 2 years.  Is a way to change the ROOT CA's validity during the configuration wizard?
>
> Thanks,
> Fu-Jyh Luo
>
>
>
>
> _______________________________________________
> Pki-users mailing listPki-users at redhat.comhttps://www.redhat.com/mailman/listinfo/pki-users
>
>
>
> _______________________________________________
> Pki-users mailing list
> Pki-users at redhat.com
> https://www.redhat.com/mailman/listinfo/pki-users
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pki-users/attachments/20100212/cf22326e/attachment.htm>

More information about the Pki-users mailing list