Make SSL certificate for TOR-Agent valid for 10 year period.

Change-Id: I3ac1cf1673f8697fdabf006bf06b9e2ffdb2b551 closes-bug: 1474803
Juniper · Jul 15, 2015 · 85e3533 · 85e3533
1 parent 9fb1ffd
commit 85e3533
Showing 1 changed file with 3 additions and 2 deletions.
diff --git a/fabfile/tasks/provision.py b/fabfile/tasks/provision.py
@@ -1876,8 +1876,9 @@ def add_tor_agent_by_index(index, node_info, restart=True):
                     ssl_files_copied_from_standby = True
             # Generate files if we didn't copy from standby
             if not ssl_files_copied_from_standby:
-                ssl_cmd = "openssl req -new -x509 -sha256 -newkey rsa:4096 -nodes -subj \"/C=US/ST=Global/L="
-                ssl_cmd += tor_name + "/O=" + tor_vendor_name + "/CN=" + domain_name + "\""
+                ssl_cmd = "openssl req -new -x509 -days 3650 -text -sha256"
+                ssl_cmd += " -newkey rsa:4096 -nodes -subj \"/C=US/ST=Global/O="
+                ssl_cmd += + tor_vendor_name + "/CN=" + domain_name + "\""
                 ssl_cmd += " -keyout " + privkey_file + " -out " + cert_file
                 sudo(ssl_cmd)