Certificates can be created with longer validity than CAs.
Originally Published: 2001-07-12
Article Number
Applies To
Keon Certificate Authority
TechNote 0143
Issue
Resolution
A better way to deal with this is to change the templates so that they check the requested validity period and disallow one that is longer than the CA's. There are three methods that can be used:
1. Fix the validity period of the certificates to two days less than the CA's, so the certificate creator cannot modify this field at all. This template is useful when the administrators want to create the longest validity period for every certificate they issue.
2. Make a drop-down list of the valid options for the certificate's validity period. Only those periods that are not longer than the CA expiry are listed, and the user can only pick the validity period from the list.
3. Display a warning message when a validity period longer than its CA's is entered. The certificate will not be issued and the user must go back and re-enter the period. This is the most flexible method, since the administrators can enter any validity period they want and don't have to worry about exceeding the expiry date of the issuing CA (the system will do the checking).
We have made available sample replacement templates for each of the above options. The steps to do the above are as follows:
----
For method 1:
1. Make a backup of your original "view-request.xuda" file (under <sentry-installation-directory>/SentryCA/WebServer/admin-server/ca/admin).
2. Pick up a sample copy of the xuda templates from: https://knowledge.rsasecurity.com/docs/utilities/TTL_Fixed_Period.zip
3. Unzip the TTL_Fixed_Period.zip file.
Copy "view-request.xuda" to ...SentryCA/WebServer/admin-server/ca/admin/
(note you may need to change file permissions on the original file to be able to overwrite it)
4. Issue the certificate using the usual process.
----
For method 2:
1. Make a backup of your original "view-request.xuda" file (under <sentry-installation-directory>/SentryCA/WebServer/admin-server/ca/admin).
2. Pick up a sample copy of the xuda templates from: https://knowledge.rsasecurity.com/docs/utilities/TTL_Dropdown_List.zip
3. Unzip the TTL_Dropdown_List.zip file.
Copy "view-request.xuda" to .../SentryCA/WebServer/admin-server/ca/admin/
Copy "x-ttl-option.xuda" to .../SentryCA/WebServer/x-templates/
(note you may need to change file permissions on the original files to be able to overwrite them)
4. Issue the certificate using the usual process.
Note: You can edit "x-ttl-option.xuda" to customize the drop-down list to fit your own requirements.
----
For method 3:
1. Make a backup of the following files:
.../SentryCA/WebServer/admin-server/ca/admin/view-request.xuda
.../SentryCA/WebServer/admin-server/ca/admin/authorize-request.xuda
.../SentryCA/WebServer/x-templates/x-forward-request.xuda
2. Pick up a sample copy of the xuda templates from: https://knowledge.rsasecurity.com/docs/utilities/TTL_Warning_Message.zip
3. Unzip the TTL_Warning_Message.zip file.
Copy "view-request.xuda" and "authorize-request.xuda" to .../SentryCA/WebServer/admin-server/ca/admin/
Copy "x-forward-request.xuda" to .../SentryCA/WebServer/x-templates/
(note you may need to change file permissions on the original files to be able to overwrite them)
4. Issue the certificate using the usual process.
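----
The checks behind the three methods can be modelled outside the templates. The Python sketch below is an added example, not the content of the sample xuda templates or any Keon code; the function names, the option list and the dates are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# Margin from method 1: certificates expire two days before the issuing CA.
FIXED_MARGIN = timedelta(days=2)


def fixed_validity_days(now, ca_not_after):
    """Method 1: the only permitted validity, two days less than the CA's."""
    remaining = ca_not_after - now - FIXED_MARGIN
    if remaining <= timedelta(0):
        raise ValueError("issuing CA expires too soon to issue certificates")
    return remaining.days


def allowed_options(now, ca_not_after, options_days):
    """Method 2: keep only drop-down entries that end on or before CA expiry."""
    return [d for d in options_days if now + timedelta(days=d) <= ca_not_after]


def check_request(now, ca_not_after, requested_days):
    """Method 3: refuse issuance, with a message, when the request outlives the CA."""
    if requested_days <= 0:
        return False, "validity period must be a positive number of days"
    not_after = now + timedelta(days=requested_days)
    if not_after > ca_not_after:
        return False, (f"requested expiry {not_after:%Y-%m-%d} is later than "
                       f"issuing CA expiry {ca_not_after:%Y-%m-%d}; re-enter")
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample values, not taken from any real CA.
    now = datetime(2001, 7, 12, tzinfo=timezone.utc)
    ca_expiry = datetime(2003, 7, 12, tzinfo=timezone.utc)
    print(fixed_validity_days(now, ca_expiry))
    print(allowed_options(now, ca_expiry, [90, 365, 730, 1095]))
    print(check_request(now, ca_expiry, 1095))
```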