aboutsummaryrefslogtreecommitdiff
path: root/doc/doc.RPKI.CA.Configuration.rootd
diff options
context:
space:
mode:
Diffstat (limited to 'doc/doc.RPKI.CA.Configuration.rootd')
-rw-r--r--doc/doc.RPKI.CA.Configuration.rootd6
1 files changed, 5 insertions, 1 deletions
diff --git a/doc/doc.RPKI.CA.Configuration.rootd b/doc/doc.RPKI.CA.Configuration.rootd
index 678e2edf..f27bdd15 100644
--- a/doc/doc.RPKI.CA.Configuration.rootd
+++ b/doc/doc.RPKI.CA.Configuration.rootd
@@ -142,7 +142,11 @@ generate a root certificate as follows:
$ openssl x509 -req -sha256 \
-signkey root.key -in root.req \
-outform DER -out root.cer \
- -extfile root.conf -extensions x509v3_extensions
+ -extfile root.conf -extensions x509v3_extensions \
+ -days 1825
+
+You may want to shorten the five year expire time (1825 days), which is a bit
+long. It is a root certificate, so a longer expire is not unusual.
The generated root.cer must be copied to the publication directory as defined
in rpki.conf,
generated by cgit v1.2.3 (git 2.25.1) at 2025-05-11 20:17:33 +0000