Extending default validity for self-generated SSL certificates

When I installed GForge recently, I had to generate an SSL certificate as part of the installation since GForge runs on https. However, the make-ssl-cert tool does not provide a way to customize the validity of the generated certificate, which is 30 days by default.

As it turns out, this problem is known for 3 years, and it is still not fixed in Ubuntu 8.04.

The easiest workaround is to edit the make-ssl-cert script using

whereis make-ssl-cert
sudo nano [path-to/]make-ssl-cert

and replace the line

openssl req -config $TMPFILE -new -x509 -nodes -out $output
    -keyout $output

with

openssl req -config $TMPFILE -new -x509 -days 365 -nodes
    -out $output -keyout $output

That’s it.

This entry was posted on Wednesday, July 16th, 2008 at 23:44 and is filed under Ubuntu. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

2 Responses to “Extending default validity for self-generated SSL certificates”

  1. Extending default validity for self-generated SSL certificates Says:
    July 17, 2008 at 0:10 | Reply

    [...] Read the original post: Extending default validity for self-generated SSL certificates [...]

  2. Tutorial on how to Install Apache, Subversion and Trac with Virtual Hosting suppor in Ubuntu Linux Says:
    November 2, 2008 at 23:21 | Reply

    [...] default Ubuntu SSL cert is only for 30 days, so, we changed this to be 365 a little more sane no? Thanks for the tip [...]

Leave a Reply