The default can be changed inside the config file caCert.profile located somewhere (/var/lib/rhpki-ca/conf ???). The line reads 2.default.param.range=720 which you can change and then restart your CA. I used RedHat CA and not the dogtag version therefore the path and field names may differ from what I quoted. From: Julius Adewumi @GDC4S.com ________________________________ From: pki-users-bounces(a)redhat.com [mailto:pki-users-bounces@redhat.com] On Behalf Of Uzor Ide Sent: Monday, January 11, 2010 5:07 PM To: pki-users(a)redhat.com Subject: [Pki-users] CA Validity Hi All Am new to the Dogtag Cert server. Am testing it out for my company. Please I need direction on how to change the number of years of validity for the Security Domain Certificate Authority Certificate. After the installation and setup I found the CA Signing Certificate has only 2 years validity. Even after trying to change it through the profile and re-running the setup I still ended up with 720 days certificate. Can anybody help and point me in the right the direction. Thanks in advance for your help. Ide