instead of 10 years, to avoid issues with browsers/os that reject certificates which have a longer lifetime (e.g. macOs Catalina only accepts max 825 days if issued after july 2019)
Signed-off-by: Dominik Csapak <d.csa...@proxmox.com> --- data/PVE/Cluster.pm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/data/PVE/Cluster.pm b/data/PVE/Cluster.pm index 9cb68d8..2b26ff5 100644 --- a/data/PVE/Cluster.pm +++ b/data/PVE/Cluster.pm @@ -320,7 +320,7 @@ __EOD eval { # wrap openssl with faketime to prevent bug #904 run_silent_cmd(['faketime', 'yesterday', 'openssl', 'x509', '-req', - '-in', $reqfn, '-days', '3650', '-out', $pvessl_cert_fn, + '-in', $reqfn, '-days', '730', '-out', $pvessl_cert_fn, '-CAkey', $pveca_key_fn, '-CA', $pveca_cert_fn, '-CAserial', $pveca_srl_fn, '-extfile', $cfgfn]); }; -- 2.20.1 _______________________________________________ pve-devel mailing list pve-devel@pve.proxmox.com https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel