-
-
Notifications
You must be signed in to change notification settings - Fork 2.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[FR] -days #339
Comments
Open
kixelated
added a commit
to kixelated/mkcert
that referenced
this issue
Mar 25, 2023
The hard-coded default of 2 years, 3 months works for most applications. However, some applications enforce that the certificate is only valid for a short period and this default is too long. For example, WebRTC fingerprinting enforces a max duration of 30 days. WebTransport is even more extreme and requests certs valid for more than 14 days. These certificates are meant to be ephemeral. Fixes FiloSottile#339 FiloSottile#343
kixelated
added a commit
to kixelated/mkcert
that referenced
this issue
Mar 25, 2023
The hard-coded default of 2 years, 3 months works for most applications. However, some applications enforce that the certificate is only valid for a short period and this default is too long. For example, WebRTC fingerprinting enforces a max duration of 30 days. WebTransport is even more extreme and requests certs valid for more than 14 days. These certificates are meant to be ephemeral. Fixes FiloSottile#339 FiloSottile#343
kixelated
added a commit
to kixelated/mkcert
that referenced
this issue
Mar 25, 2023
The hard-coded default of 2 years, 3 months works for most applications. However, some applications enforce that the certificate is only valid for a short period and this default is too long. For example, WebRTC fingerprinting enforces a max duration of 30 days. WebTransport is even more extreme and rejects certs valid for more than 14 days. These certificates are meant to be ephemeral. Fixes FiloSottile#339 FiloSottile#343
dancewhale
pushed a commit
to dancewhale/mkcert
that referenced
this issue
Jul 10, 2023
The hard-coded default of 2 years, 3 months works for most applications. However, some applications enforce that the certificate is only valid for a short period and this default is too long. For example, WebRTC fingerprinting enforces a max duration of 30 days. WebTransport is even more extreme and rejects certs valid for more than 14 days. These certificates are meant to be ephemeral. Fixes FiloSottile#339 FiloSottile#343
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Sorry for the short presentation, got to do a lot of other stuff and make the stupid OpenVPN virtual machine working.
Due to a lot of controversy with days and whatnot these last times, why not add a
-days
parameter to everything (checking that theNotAfter
of a certificate isn't due after theNotAfter
of the CA) and allow the user to customize literally everything about the time constrains? (on a local (maybe offline) dev machine a user might even want to issue a wildcard cert maybe every 10y or so)(also) Why there are no
-orgunit
or-country
and such for "personalizing" the certificate? I know it matters the least, but my OCD claims for perfectly-organized digital management 😅The text was updated successfully, but these errors were encountered: