Last month I generated a self-signed certificate like this:
openssl req -new -x509 -nodes -out example.com.crt -key example.com.key
Yesterday, a month later, things depending on this certificate started to break, and I realized it was because the certificate had expired: apparently the default expiration date is a month.
So I regenerated it, adding -days 3650 to set the expiration date 10 years into the future.
openssl req -new -x509 -days 3650 -nodes -out example.com.crt -key example.com.key
I double-checked the expiration date with:
openssl x509 -enddate -noout -in example.com.crt
And was surprised to see this returned:
notAfter=Jul 19 18:42:13 2030 GMT
Surely something must be broken, I thought: 2030 isn’t in 10 years.
Oh, right, 2030 is in 10 years.