Previous Topic: SSL Mode

Next Topic: Create the CA Certificate

Generating SSL CertificatesSet Expiration

Set Expiration

When generating a CA certificate, the default_days parameter in cassl.conf that controls the expiration of server and client certificates is not used for CA certificates. The certificate is generated with a default expiration of 30 days.

To change the default expiration

  1. Add 'days nnn' to the makeca script line. The following line is an example of how the makeca script is shipped: 
    Openssl req -x509 -newkey rsa -out ./certs/cassl.pem -outform PEM
  2. To change the expiration to one year, change the line before running the makeca script: 
    Openssl req -x509 -newkey rsa -out ./certs/cassl.pem -outform PEM -days 365