self signed generated cert has 30d expiration instead of intended 3650
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
apache2 (Juju Charms Collection) | Fix Released | Undecided | JuanJo Ciarlante |
Bug Description
Provided openssl.cnf doesn't work as expected:
```
$ head -5 data/openssl.cnf
RANDFILE = /dev/urandom
[ req ]
default_days = 3650
default_bits = 1024
# replaying usage from charm when SELFSIGNED is set:
$ OPENSSL_CN=foo OPENSSL_
Generating a 1024 bit RSA private key
...++++++
.......
writing new private key to 'foo.key'
-----
$ openssl x509 -in foo.crt -noout -dates
notBefore=Jan 8 23:37:56 2015 GMT
notAfter=Feb 7 23:37:56 2015 GMT
```
FYI https:/
"-days n : when the -x509 option is being used this specifies the number of days ..."
So, because indeed the charm needs to use -x509, it should
add "-days 3650" to the cmdline invocation, instead of
relying on the (unused) openssl.cnf default_days value.
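The behaviour described in this report can be reproduced and checked with the script below. It is an added example, not part of the original report or the charm; the CN, the file names and the 2048-bit key size are constructed for the demo. It generates one self-signed certificate that relies on `default_days` and one that passes `-days 3650`, then uses `openssl x509 -checkend` to test each lifetime.

```shell
#!/bin/sh
# Added example, not the charm's code. CN, file names and the 2048-bit key
# size are constructed for the demo.
set -e

workdir=$(mktemp -d)
trap 'rm -rf "$workdir"' EXIT

# Config in the same shape as data/openssl.cnf: default_days sits in [ req ].
cat > "$workdir/openssl.cnf" <<'EOF'
[ req ]
default_days = 3650
default_bits = 2048
distinguished_name = dn
prompt = no
[ dn ]
CN = foo.example
EOF

# gen_cert NAME [extra "openssl req" arguments]
gen_cert() {
    name=$1; shift
    openssl req -new -x509 -nodes -config "$workdir/openssl.cnf" \
        -keyout "$workdir/$name.key" -out "$workdir/$name.crt" "$@" 2>/dev/null
}

# valid_for_days NAME N: succeeds only if the cert is still valid N days from now.
valid_for_days() {
    openssl x509 -in "$workdir/$1.crt" -noout \
        -checkend $(( $2 * 86400 )) >/dev/null
}

gen_cert cnf_only               # relies on default_days from the config
gen_cert with_days -days 3650   # lifetime passed on the command line

for cert in cnf_only with_days; do
    if valid_for_days "$cert" 3649; then verdict="lifetime as intended"
    else verdict="expires earlier than intended"; fi
    printf '%-10s %s (%s)\n' "$cert" \
        "$(openssl x509 -in "$workdir/$cert.crt" -noout -enddate)" "$verdict"
done
```

The same `-checkend` test can be run against a deployed certificate to catch one that was issued with the 30-day default.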
Related branches
- Matt Bruzek (community): Approve
- Adam Israel (community): Approve
- Review Queue (community): Needs Fixing
Diff: 24 lines (+2/-2)
2 files modified
- data/openssl.cnf (+0/-1)
- hooks/hooks.py (+2/-1)
tags: added: canonical-is
Changed in apache2 (Juju Charms Collection):
status: New → Fix Released
assignee: nobody → JuanJo Ciarlante (jjo)