ssl-cert generate-default-snakeoil provides no way to override default 30 day expiration

Bug #253512 reported by Martin Jackson on 2008-07-31
4
Affects Status Importance Assigned to Milestone
ssl-cert (Ubuntu)
Undecided
Unassigned

Bug Description

Binary package hint: ssl-cert

The openssl req command requires a -days argument to override the default number of days (30) for validity of self-signed certifiicates. 30 days seems an unreasonably low default. I have found no way to change this without fiddling with /usr/sbin/make-ssl-cert and adding "-days 365" (for example) to the relevant command line.

Martin Jackson (mhjacks) wrote :

Further research indicates a reference in the changelog that appears to refer to the issue I believe I'm seeing as of 1.0.15:

 * Make the default SSL cert have a lifetime of 10 years rather than 30
    days. Closes: 293821

http://changelogs.ubuntu.com/changelogs/pool/main/s/ssl-cert/ssl-cert_1.0.19ubuntu1/changelog

James Westby (james-w) wrote :

Hi,

Would you consider that change to fix this issue? There is still no
way to consider it, but 10 years seems much more sensible than 30 days.

Thanks,

James

Changed in ssl-cert:
status: New → Incomplete

James Westby wrote:
> Hi,
>
> Would you consider that change to fix this issue? There is still no
> way to consider it, but 10 years seems much more sensible than 30 days.
>
> Thanks,
>
> James
>
>
> ** Changed in: ssl-cert (Ubuntu)
> Status: New => Incomplete
>

Yes, I would. In the absence of real certs, 10 years is a much more
sensible default.

Thanks,
Marty

James Westby (james-w) wrote :

Hi,

Thanks for responding. I am closing the bug as fixed.

Thanks,

James

Changed in ssl-cert:
status: Incomplete → Fix Released
Martin Jackson (mhjacks) wrote :

James Westby wrote:
> Hi,
>
> Thanks for responding. I am closing the bug as fixed.
>
> Thanks,
>
> James
>
>
> ** Changed in: ssl-cert (Ubuntu)
> Status: Incomplete => Fix Released
>

Thank *you* for following up.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers