Re: [Pki-users] change Root CA's Validity

Dave, It is a good and useful script. Where should the script be run? After creating pki-ca instance and prior to configuring the pki-ca instance? Thanks, Erwin On Fri, Feb 12, 2010 at 6:06 AM, David (Dave) Donnan <david.donnan(a)thalesgroup.com <mailto:david.donnan@thalesgroup.com>> wrote: Fu-Jyh Luo hello. This might be overkill but you're welcome to it. I think the default cert expiry period with CMS is 2 years – way too short. This script enables 7300 days = 20 years, rather. #!/bin/bash # # COMPONENT_NAME: ca-delta-range.sh # # HISTORY: Version 1.0 2008/10 Dave (David) Donnan # cd /var/lib/pki-ca/profiles/ca for file in *.cfg; do echo $file cp -p $file $file.pre7300 sed 's/range=[0-9]*/range=7300/' $file.pre7300 > $file chmod 755 $file chown pkiuser:pkiuser $file done cd /var/lib/pki-ca/conf for file in *.profile; do echo $file cp -p $file $file.pre7300 sed 's/range=[0-9]*/range=7300/' $file.pre7300 > $file chmod 755 $file chown pkiuser:pkiuser $file done # end Similarly, I wrote kra-dra-delta-range.sh to be used later: #!/bin/bash # # COMPONENT_NAME: kra-dra-delta-range.sh # # HISTORY: Version 1.0 2008/10 Dave (David) Donnan Original # # cd /var/lib/pki-kra/conf for file in *.profile; do echo $file cp -p $file $file.pre7300 sed 's/range=[0-9]*/range=7300/' $file.pre7300 > $file chmod 755 $file chown pkiuser:pkiuser $file done # end Fu-Jyh Luo wrote: > Dear All, > > I installed DogTag. The default validity of ROOT CA is 2 years. Is a way to change the ROOT CA's validity during the configuration wizard? > > Thanks, > Fu-Jyh Luo > > > > > _______________________________________________ > Pki-users mailing list > Pki-users(a)redhat.com <mailto:Pki-users@redhat.com> > https://www.redhat.com/mailman/listinfo/pki-users > > _______________________________________________ Pki-users mailing list Pki-users(a)redhat.com <mailto:Pki-users@redhat.com> https://www.redhat.com/mailman/listinfo/pki-users