[pve-devel] [PATCH cluster 1/1] change certificate lifetime to two years

Dominik Csapak Mon, 28 Oct 2019 03:40:49 -0700

instead of 10 years, to avoid issues with browsers/os that reject
certificates which have a longer lifetime
(e.g. macOs Catalina only accepts max 825 days if issued after july 2019)


Signed-off-by: Dominik Csapak <d.csa...@proxmox.com>
---
 data/PVE/Cluster.pm | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/data/PVE/Cluster.pm b/data/PVE/Cluster.pm
index 9cb68d8..2b26ff5 100644
--- a/data/PVE/Cluster.pm
+++ b/data/PVE/Cluster.pm
@@ -320,7 +320,7 @@ __EOD
     eval {
        # wrap openssl with faketime to prevent bug #904
        run_silent_cmd(['faketime', 'yesterday', 'openssl', 'x509', '-req',
-                       '-in', $reqfn, '-days', '3650', '-out', $pvessl_cert_fn,
+                       '-in', $reqfn, '-days', '730', '-out', $pvessl_cert_fn,
                        '-CAkey', $pveca_key_fn, '-CA', $pveca_cert_fn,
                        '-CAserial', $pveca_srl_fn, '-extfile', $cfgfn]);
     };
-- 
2.20.1


_______________________________________________
pve-devel mailing list
pve-devel@pve.proxmox.com
https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel

[pve-devel] [PATCH cluster 1/1] change certificate lifetime to two years

Reply via email to