В общем поднял CA на одной машине. Для этой цели использую CentOS 6.4 и Openssl, но проблема в том что после месяца сертификаты становятся не валидными и не понимаю где косяк.

# openssl verify -CAfile ca.crt server1.crt
........................................
error 10 at 1 depth lookup:certificate has expired
OK

Конфиг CA:
[ ca ]
default_ca      = CA_default            # The default ca section

[ CA_default ]

dir             = .             # Where everything is kept
certs           = $dir/certs            # Where the issued certs are kept
crl_dir         = $dir/crl              # Where the issued crl are kept
database        = $dir/index.txt        # database index file.
unique_subject  = no                    # Set to 'no' to allow creation of
                                        # several ctificates with same subject.
new_certs_dir   = $dir/newcerts         # default place for new certs.

certificate     = $dir/ca.crt           # The CA certificate
serial          = $dir/serial           # The current serial number
crlnumber       = $dir/crlnumber        # the current crl number
                                        # must be commented out to leave a V1 CRL
crl             = $dir/crl.pem          # The current CRL
private_key     = $dir/ca.key           # The private key
RANDFILE        = $dir/private/.rand    # private random number file

x509_extensions = usr_cert              # The extentions to add to the cert

name_opt        = ca_default            # Subject Name options
cert_opt        = ca_default            # Certificate field options

default_days    = 365                   # how long to certify for
default_crl_days= 30                    # how long before next CRL
default_md      = default               # use public key default MD
preserve        = no                    # keep passed DN ordering

policy          = policy_match

[ policy_match ]
countryName             = match
stateOrProvinceName     = match
organizationName        = match
organizationalUnitName  = optional
commonName              = supplied
emailAddress            = optional

генерировал сертификаты таким образом:
openssl req -config ./openssl.cnf -new -newkey rsa:2048 -nodes -keyout server1.key -out server1.csr
openssl ca -config ./openssl.cnf -out server1.crt -days 3650 -infiles server1.csr

вот соделжимое самого сертификата на счет Validity :

       Validity
            Not Before: Apr 15 08:19:17 2013 GMT
            Not After : Apr 13 08:19:17 2023 GMT