Pull from trunk.

svn path=/branches/tk377/; revision=4960
author: Rob Austein <sra@hactrn.net> 2013-01-08 20:04:35 +0000
committer: Rob Austein <sra@hactrn.net> 2013-01-08 20:04:35 +0000
commit: 5d67c32912c62015cf99201eafec67c5c00719ad (patch)
tree: c4ec0e2e181e671bd882d8b04df259887ef8eaa6 /doc/doc.RPKI.CA.Configuration.rootd
parent: 5bfaa95b9c6a076bbe16966bb77c4dd42ddc5039 (diff)
1 files changed, 5 insertions, 1 deletions
diff --git a/doc/doc.RPKI.CA.Configuration.rootd b/doc/doc.RPKI.CA.Configuration.rootd
index 678e2edf..f27bdd15 100644
--- a/doc/doc.RPKI.CA.Configuration.rootd
+++ b/doc/doc.RPKI.CA.Configuration.rootd
@@ -142,7 +142,11 @@ generate a root certificate as follows:
   $ openssl x509 -req -sha256             \
           -signkey root.key -in root.req  \
           -outform DER -out root.cer      \
-          -extfile root.conf -extensions x509v3_extensions
+          -extfile root.conf -extensions x509v3_extensions \
+          -days 1825
+
+You may want to shorten the five year expire time (1825 days), which is a bit
+long. It is a root certificate, so a longer expire is not unusual.
 
 The generated root.cer must be copied to the publication directory as defined
 in rpki.conf,
author	Rob Austein <sra@hactrn.net>	2013-01-08 20:04:35 +0000
committer	Rob Austein <sra@hactrn.net>	2013-01-08 20:04:35 +0000
commit	5d67c32912c62015cf99201eafec67c5c00719ad (patch)
tree	c4ec0e2e181e671bd882d8b04df259887ef8eaa6 /doc/doc.RPKI.CA.Configuration.rootd
parent	5bfaa95b9c6a076bbe16966bb77c4dd42ddc5039 (diff)