From f27c790278ddfb5408f15bcb01ad301b5aea9f43 Mon Sep 17 00:00:00 2001
From: Adar Nimrod <nimrod@shore.co.il>
Date: Wed, 25 Nov 2015 15:28:40 +0200
Subject: [PATCH] Don't set default_days since certs are still set for 30 days,
 use the flag explicitly.

---
 ssl-ca | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/ssl-ca b/ssl-ca
index d4952df..62d8d12 100755
--- a/ssl-ca
+++ b/ssl-ca
@@ -12,7 +12,6 @@ certs = \$dir/certs
 certificate = \$dir/CA.crt
 private_key = \$dir/CA.key
 default_md = sha256
-default_days = 365
 email_in_dn = no
 RANDFILE = /dev/urandom
 database = /dev/null
@@ -75,6 +74,7 @@ init () {
             -new \
             -key CA.key \
             -extensions v3_ca \
+            -days 3650 \
             -out CA.crt
     fi
     if [ -e CA.p12 ]
@@ -123,6 +123,7 @@ sign_key () {
         -set_serial $seed \
         -extensions v3_req \
         -extfile openssl.cnf \
+        -days 3650 \
         -CAkey CA.key
     rm "$csr"
 }
-- 
GitLab