Setting the self-signed certificate expiration date

Last month I generated a self-signed certificate like this:

openssl req -new -x509 -nodes -out example.com.crt -key example.com.key

Yesterday, a month later, things depending on this certificate started to break, and I realized it was because the certificate had expired: apparently the default expiration date is a month.

So I regenerated it, adding -days 3650 to set the expiration date 10 years into the future.

openssl req -new -x509 -days 3650 -nodes -out example.com.crt -key example.com.key

I double-checked the expiration date with:

openssl x509 -enddate -noout -in example.com.crt

And was surprised to see this returned:

notAfter=Jul 19 18:42:13 2030 GMT

Surely something must be broken, I thought: 2030 isn’t in 10 years.

Oh, right, 2030 is in 10 years.

Comments

Olle Jonsson's picture
Olle Jonsson on July 24, 2020 - 21:18 Permalink

I love this post. So eminently you!