Fu-Jyh Luo hello. This might be overkill but you're welcome to it.
I
think the default cert expiry period with CMS is 2 years – way too
short. This script enables 7300 days = 20 years, rather.
#!/bin/bash
#
#
COMPONENT_NAME: ca-delta-range.sh
#
# HISTORY:
Version 1.0 2008/10 Dave (David)
Donnan
#
cd
/var/lib/pki-ca/profiles/ca
for file
in *.cfg; do
echo $file
cp -p
$file $file.pre7300
sed
's/range=[0-9]*/range=7300/' $file.pre7300 > $file
chmod 755
$file
chown
pkiuser:pkiuser $file
done
cd
/var/lib/pki-ca/conf
for file
in *.profile; do
echo $file
cp -p
$file $file.pre7300
sed
's/range=[0-9]*/range=7300/' $file.pre7300 > $file
chmod 755
$file
chown
pkiuser:pkiuser $file
done
# end
Similarly,
I wrote kra-dra-delta-range.sh to be used
later:
#!/bin/bash
#
#
COMPONENT_NAME: kra-dra-delta-range.sh
#
# HISTORY:
Version 1.0 2008/10 Dave (David)
Donnan Original
#
#
cd
/var/lib/pki-kra/conf
for file
in *.profile; do
echo $file
cp -p
$file $file.pre7300
sed
's/range=[0-9]*/range=7300/' $file.pre7300 > $file
chmod 755
$file
chown
pkiuser:pkiuser $file
done
# end
Dear All, I installed DogTag. The default validity of ROOT CA is 2 years. Is a way to change the ROOT CA's validity during the configuration wizard? Thanks, Fu-Jyh Luo _______________________________________________ Pki-users mailing list Pki-users@redhat.com https://www.redhat.com/mailman/listinfo/pki-users