
f4afc129 2015-08-24 00:45:37 Timothy Pearson
Extend CA expiry to 1 year
M src/libtdeldap.cpp
M src/libtdeldap.h
diff --git a/src/libtdeldap.cpp b/src/libtdeldap.cpp
index 11b0150..0e551b4 100644
--- a/src/libtdeldap.cpp
+++ b/src/libtdeldap.cpp
@@ -3804,8 +3804,9 @@
 
 int LDAPManager::generatePublicKerberosCACertificate(LDAPCertConfig certinfo) {
 	TQString command;
-
-	command = TQString("openssl req -key %1 -new -x509 -out %2 -subj \"/C=%3/ST=%4/L=%5/O=%6/OU=%7/CN=%8/emailAddress=%9\"").arg(KERBEROS_PKI_PEMKEY_FILE).arg(KERBEROS_PKI_PEM_FILE).arg(certinfo.countryName).arg(certinfo.stateOrProvinceName).arg(certinfo.localityName).arg(certinfo.organizationName).arg(certinfo.orgUnitName).arg(certinfo.commonName).arg(certinfo.emailAddress);
+	TQString subject;
+	subject = TQString("\"/C=%1/ST=%2/L=%3/O=%4/OU=%5/CN=%6/emailAddress=%7\"").arg(certinfo.countryName).arg(certinfo.stateOrProvinceName).arg(certinfo.localityName).arg(certinfo.organizationName).arg(certinfo.orgUnitName).arg(certinfo.commonName).arg(certinfo.emailAddress);
+	command = TQString("openssl req -days %1 -key %2 -new -x509 -out %3 -subj %4").arg(KERBEROS_PKI_PEMKEY_EXPIRY_DAYS).arg(KERBEROS_PKI_PEMKEY_FILE).arg(KERBEROS_PKI_PEM_FILE).arg(subject);
 	if (system(command) < 0) {
 		printf("ERROR: Execution of \"%s\" failed!\n", command.ascii());
 		return -1;
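Review bot: The new `subject` string interpolates the certinfo fields (country, state, locality, organisation, OU, CN, e-mail) straight into a double-quoted argument that `system()` hands to the shell, so any field containing a double quote, `$` or backtick changes how the shell parses the command; the commit re-arranges the command construction but leaves that unescaped. Each field should be shell-escaped before being placed in `subject`, or openssl should be launched through a process API that takes an argv so the fields are never parsed by a shell. Separately, the surviving check `if (system(command) < 0)` only detects a fork/exec failure: `system()` returns the child's wait status, so an openssl run that exits non-zero (bad key file, malformed subject) is reported as success and the function continues with no CA certificate written; `if (system(command) != 0) {` catches both. The body of `generatePublicKerberosCACertificate` continues past the end of the hunk.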
diff --git a/src/libtdeldap.h b/src/libtdeldap.h
index 814fc0a..a1573c7 100644
--- a/src/libtdeldap.h
+++ b/src/libtdeldap.h
@@ -62,6 +62,9 @@
 #define CRON_UPDATE_PRIMARY_REALM_CERTIFICATES_FILE "/etc/cron.daily/tde-upd-pri-rlm-certs"
 #define CRON_UPDATE_PRIMARY_REALM_CERTIFICATES_COMMAND TDE_BINDIR "/primaryrccertupdater"
 
+// 1 year
+#define KERBEROS_PKI_PEMKEY_EXPIRY_DAYS 365
+
 // Values from hdb.asn1
 enum LDAPKRB5Flags {
 	KRB5_INITIAL			= 0x00000001,