Setting the self-signed certificate expiration date

Last month I generated a self-signed certificate like this:

openssl req -new -x509 -nodes -out example.com.crt -key example.com.key

Yesterday, a month later, things depending on this certificate started to break, and I realized it was because the certificate had expired: apparently the default expiration date is a month.

So I regenerated it, adding -days 3650 to set the expiration date 10 years into the future.

openssl req -new -x509 -days 3650 -nodes -out example.com.crt -key example.com.key

I double-checked the expiration date with:

openssl x509 -enddate -noout -in example.com.crt

And was surprised to see this returned:

notAfter=Jul 19 18:42:13 2030 GMT

Surely something must be broken, I thought: 2030 isn’t in 10 years.

Oh, right, 2030 is in 10 years.

Comments

Olle Jonsson's picture
Olle Jonsson on July 24, 2020 - 21:18 Permalink

I love this post. So eminently you!

TJB's picture
TJB on August 13, 2020 - 08:39 Permalink

Adorable. Was just passing by, but I want you to know, I read it and I laughed in sympathy. I had something similar, though on a scale of days being longer than a year rather than summing up to a decade. :D

Thank you for the post.