[pve-devel] [PATCH cluster 1/1] change certificate lifetime to two years
Dominik Csapak
d.csapak at proxmox.com
Mon Oct 28 11:39:58 CET 2019
instead of 10 years, to avoid issues with browsers/os that reject
certificates which have a longer lifetime
(e.g. macOs Catalina only accepts max 825 days if issued after july 2019)
Signed-off-by: Dominik Csapak <d.csapak at proxmox.com>
---
data/PVE/Cluster.pm | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/data/PVE/Cluster.pm b/data/PVE/Cluster.pm
index 9cb68d8..2b26ff5 100644
--- a/data/PVE/Cluster.pm
+++ b/data/PVE/Cluster.pm
@@ -320,7 +320,7 @@ __EOD
eval {
# wrap openssl with faketime to prevent bug #904
run_silent_cmd(['faketime', 'yesterday', 'openssl', 'x509', '-req',
- '-in', $reqfn, '-days', '3650', '-out', $pvessl_cert_fn,
+ '-in', $reqfn, '-days', '730', '-out', $pvessl_cert_fn,
'-CAkey', $pveca_key_fn, '-CA', $pveca_cert_fn,
'-CAserial', $pveca_srl_fn, '-extfile', $cfgfn]);
};
--
2.20.1
More information about the pve-devel
mailing list