Some certificate profiles have been modified to remove the default one minute validity delay, allowing the certificate issued with those profiles to be used immediately.
https://fedorahosted.org/pki/ticket/2304 -- Endi S. Dewata
>From 70c31d580026cbab8f1090e294bf0ea887881925 Mon Sep 17 00:00:00 2001 From: "Endi S. Dewata" <[email protected]> Date: Sat, 30 Apr 2016 01:22:54 +0200 Subject: [PATCH] Removed default certificate validity delay. Some certificate profiles have been modified to remove the default one minute validity delay, allowing the certificate issued with those profiles to be used immediately. https://fedorahosted.org/pki/ticket/2304 --- base/ca/shared/profiles/ca/caDualCert.cfg | 2 +- base/ca/shared/profiles/ca/caECDualCert.cfg | 2 +- base/ca/shared/profiles/ca/caJarSigningCert.cfg | 2 +- base/ca/shared/profiles/ca/caSignedLogCert.cfg | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/base/ca/shared/profiles/ca/caDualCert.cfg b/base/ca/shared/profiles/ca/caDualCert.cfg index e85cbe00273f499a22aafe8b19c3ca0905fe8568..87c6e6c9e3c754e53eb1ba7cd22467cea31fbe5b 100644 --- a/base/ca/shared/profiles/ca/caDualCert.cfg +++ b/base/ca/shared/profiles/ca/caDualCert.cfg @@ -109,7 +109,7 @@ policyset.signingCertSet.2.constraint.params.notAfterCheck=false policyset.signingCertSet.2.default.class_id=validityDefaultImpl policyset.signingCertSet.2.default.name=Validity Default policyset.signingCertSet.2.default.params.range=180 -policyset.signingCertSet.2.default.params.startTime=60 +policyset.signingCertSet.2.default.params.startTime=0 policyset.signingCertSet.3.constraint.class_id=keyConstraintImpl policyset.signingCertSet.3.constraint.name=Key Constraint policyset.signingCertSet.3.constraint.params.keyType=RSA diff --git a/base/ca/shared/profiles/ca/caECDualCert.cfg b/base/ca/shared/profiles/ca/caECDualCert.cfg index 8bf08108871363e68e26fa97f3ecb979b57dab97..7a8d38172db97dfaf03409be1b8bfc735ef37031 100644 --- a/base/ca/shared/profiles/ca/caECDualCert.cfg +++ b/base/ca/shared/profiles/ca/caECDualCert.cfg @@ -109,7 +109,7 @@ policyset.signingCertSet.2.constraint.params.notAfterCheck=false policyset.signingCertSet.2.default.class_id=validityDefaultImpl policyset.signingCertSet.2.default.name=Validity Default policyset.signingCertSet.2.default.params.range=180 -policyset.signingCertSet.2.default.params.startTime=60 +policyset.signingCertSet.2.default.params.startTime=0 policyset.signingCertSet.3.constraint.class_id=keyConstraintImpl policyset.signingCertSet.3.constraint.name=Key Constraint policyset.signingCertSet.3.constraint.params.keyType=EC diff --git a/base/ca/shared/profiles/ca/caJarSigningCert.cfg b/base/ca/shared/profiles/ca/caJarSigningCert.cfg index 5ddf00776b61c0d3014c0372b94cf659a405eaef..36aca18c172afe1f96ad2e786dff52d5c4c42d92 100644 --- a/base/ca/shared/profiles/ca/caJarSigningCert.cfg +++ b/base/ca/shared/profiles/ca/caJarSigningCert.cfg @@ -27,7 +27,7 @@ policyset.caJarSigningSet.2.constraint.params.range=2922 policyset.caJarSigningSet.2.default.class_id=validityDefaultImpl policyset.caJarSigningSet.2.default.name=Validity Default policyset.caJarSigningSet.2.default.params.range=1461 -policyset.caJarSigningSet.2.default.params.startTime=60 +policyset.caJarSigningSet.2.default.params.startTime=0 policyset.caJarSigningSet.3.constraint.class_id=keyConstraintImpl policyset.caJarSigningSet.3.constraint.name=Key Constraint policyset.caJarSigningSet.3.constraint.params.keyParameters=1024,2048,3072,4096 diff --git a/base/ca/shared/profiles/ca/caSignedLogCert.cfg b/base/ca/shared/profiles/ca/caSignedLogCert.cfg index 7c99f2ba22deaeb55b4bf393506dff5c94f003db..393fe278c63999785ea65e94589590bf6d0bc835 100644 --- a/base/ca/shared/profiles/ca/caSignedLogCert.cfg +++ b/base/ca/shared/profiles/ca/caSignedLogCert.cfg @@ -26,7 +26,7 @@ policyset.caLogSigningSet.2.constraint.params.notAfterCheck=false policyset.caLogSigningSet.2.default.class_id=validityDefaultImpl policyset.caLogSigningSet.2.default.name=Validity Default policyset.caLogSigningSet.2.default.params.range=720 -policyset.caLogSigningSet.2.default.params.startTime=60 +policyset.caLogSigningSet.2.default.params.startTime=0 policyset.caLogSigningSet.3.constraint.class_id=keyConstraintImpl policyset.caLogSigningSet.3.constraint.name=Key Constraint policyset.caLogSigningSet.3.constraint.params.keyType=RSA -- 2.5.5
_______________________________________________ Pki-devel mailing list [email protected] https://www.redhat.com/mailman/listinfo/pki-devel
