Fu-Jyh Luo hello. This might be overkill but you're welcome to it.I think the default cert expiry period with CMS is 2 years – way too short. This script enables 7300 days = 20 years, rather.
#!/bin/bash
#
# COMPONENT_NAME: ca-delta-range.sh
#
# HISTORY: Version 1.0 2008/10 Dave (David) Donnan
#
cd /var/lib/pki-ca/profiles/ca
for file in *.cfg; do
echo $file
cp -p $file $file.pre7300
sed 's/range=[0-9]*/range=7300/' $file.pre7300 > $file
chmod 755 $file
chown pkiuser:pkiuser $file
done
cd /var/lib/pki-ca/conf
for file in *.profile; do
echo $file
cp -p $file $file.pre7300
sed 's/range=[0-9]*/range=7300/' $file.pre7300 > $file
chmod 755 $file
chown pkiuser:pkiuser $file
done
# end
Similarly, I wrote kra-dra-delta-range.sh to be used later:
#!/bin/bash
#
# COMPONENT_NAME: kra-dra-delta-range.sh
#
# HISTORY: Version 1.0 2008/10 Dave (David) Donnan Original
#
#
cd /var/lib/pki-kra/conf
for file in *.profile; do
echo $file
cp -p $file $file.pre7300
sed 's/range=[0-9]*/range=7300/' $file.pre7300 > $file
chmod 755 $file
chown pkiuser:pkiuser $file
done
# end
Fu-Jyh Luo wrote:Dear All, I installed DogTag. The default validity of ROOT CA is 2 years. Is a way to change the ROOT CA's validity during the configuration wizard? Thanks, Fu-Jyh Luo _______________________________________________ Pki-users mailing list Pki-users@redhat.com https://www.redhat.com/mailman/listinfo/pki-users
_______________________________________________
Pki-users mailing list
Pki-users@redhat.com
https://www.redhat.com/mailman/listinfo/pki-users