From 53b7d85d9724585afbcb36d008597910ff4aa8fa Mon Sep 17 00:00:00 2001 From: RPKI Documentation Robot Date: Tue, 8 Jan 2013 12:00:09 +0000 Subject: Automatic pull of documentation from Wiki. svn path=/trunk/; revision=4955 --- doc/doc.RPKI.CA.Configuration.rootd | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'doc/doc.RPKI.CA.Configuration.rootd') diff --git a/doc/doc.RPKI.CA.Configuration.rootd b/doc/doc.RPKI.CA.Configuration.rootd index 678e2edf..f27bdd15 100644 --- a/doc/doc.RPKI.CA.Configuration.rootd +++ b/doc/doc.RPKI.CA.Configuration.rootd @@ -142,7 +142,11 @@ generate a root certificate as follows: $ openssl x509 -req -sha256 \ -signkey root.key -in root.req \ -outform DER -out root.cer \ - -extfile root.conf -extensions x509v3_extensions + -extfile root.conf -extensions x509v3_extensions \ + -days 1825 + +You may want to shorten the five year expire time (1825 days), which is a bit +long. It is a root certificate, so a longer expire is not unusual. The generated root.cer must be copied to the publication directory as defined in rpki.conf, -- cgit v1.2.3