Re: [Pki-users] change Root CA's Validity

Fu-Jyh Luo hello. This might be overkill but you're welcome to it. I think the default cert expiry period with CMS is 2 years -- way too short. This script enables 7300 days = 20 years, rather. #!/bin/bash # # COMPONENT_NAME: ca-delta-range.sh # # HISTORY: Version 1.0 2008/10 Dave (David) Donnan # cd /var/lib/pki-ca/profiles/ca for file in *.cfg; do echo $file cp -p $file $file.pre7300 sed 's/range=[0-9]*/range=7300/' $file.pre7300 > $file chmod 755 $file chown pkiuser:pkiuser $file done cd /var/lib/pki-ca/conf for file in *.profile; do echo $file cp -p $file $file.pre7300 sed 's/range=[0-9]*/range=7300/' $file.pre7300 > $file chmod 755 $file chown pkiuser:pkiuser $file done # end Similarly, I wrote kra-dra-delta-range.sh to be used later: #!/bin/bash # # COMPONENT_NAME: kra-dra-delta-range.sh # # HISTORY: Version 1.0 2008/10 Dave (David) Donnan Original # # cd /var/lib/pki-kra/conf for file in *.profile; do echo $file cp -p $file $file.pre7300 sed 's/range=[0-9]*/range=7300/' $file.pre7300 > $file chmod 755 $file chown pkiuser:pkiuser $file done # end Fu-Jyh Luo wrote: