From: mwolson_admin <mwolson_admin@deleuze.hcoop.net>
Date: Tue, 20 Nov 2007 21:37:12 +0000 (-0500)
Subject: ca-sign: Tell clients using our CA cert to update CRL every 30 days
X-Git-Url: https://git.hcoop.net/hcoop/scripts.git/commitdiff_plain/87d0fa0931b70de55fd16d2899028dcff3ccc109

ca-sign: Tell clients using our CA cert to update CRL every 30 days
---

diff --git a/ca-sign b/ca-sign
index 687ad5b..78e4a87 100755
--- a/ca-sign
+++ b/ca-sign
@@ -31,9 +31,9 @@ cp $REQUEST $DIR/requests/$ID.csr
 
 # Update revocation list.
 echo "Updating certificate revocation list ..."
-openssl ca -config $CONF -batch -gencrl -crldays 180 -out $CRL1.pem
+openssl ca -config $CONF -batch -gencrl -crldays 30 -out $CRL1.pem
 openssl crl -outform DER -out $CRL1.crl -in $CRL1.pem
-openssl ca -config $CONF -batch -gencrl -crldays 180 -crlexts crl_ext \
+openssl ca -config $CONF -batch -gencrl -crldays 30 -crlexts crl_ext \
     -out $CRL2.pem
 openssl crl -outform DER -out $CRL2.crl -in $CRL2.pem
 cp $CRL1.crl $CRL2.crl $CA_LOC