Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[FR] -days #339

Open
bryanpedini opened this issue Feb 12, 2021 · 0 comments · May be fixed by #513
Open

[FR] -days #339

bryanpedini opened this issue Feb 12, 2021 · 0 comments · May be fixed by #513

Comments

@bryanpedini
Copy link

bryanpedini commented Feb 12, 2021
edited

Sorry for the short presentation, got to do a lot of other stuff and make the stupid OpenVPN virtual machine working.

Due to a lot of controversy with days and whatnot these last times, why not add a -days parameter to everything (checking that the NotAfter of a certificate isn't due after the NotAfter of the CA) and allow the user to customize literally everything about the time constrains? (on a local (maybe offline) dev machine a user might even want to issue a wildcard cert maybe every 10y or so)

(also) Why there are no -orgunit or -country and such for "personalizing" the certificate? I know it matters the least, but my OCD claims for perfectly-organized digital management 😅
@ikeyan ikeyan mentioned this issue Feb 26, 2021
Open
kixelated added a commit to kixelated/mkcert that referenced this issue Mar 25, 2023
@kixelated
Add a -days flag to specify the expiration duration.
ea0b2eb 
The hard-coded default of 2 years, 3 months works for most applications.
However, some applications enforce that the certificate is only valid
for a short period and this default is too long.

For example, WebRTC fingerprinting enforces a max duration of 30 days.
WebTransport is even more extreme and requests certs valid for more than
14 days. These certificates are meant to be ephemeral.

Fixes FiloSottile#339 FiloSottile#343
kixelated added a commit to kixelated/mkcert that referenced this issue Mar 25, 2023
@kixelated
Add a -days flag to specify the validity period.
97df13a 
The hard-coded default of 2 years, 3 months works for most applications.
However, some applications enforce that the certificate is only valid
for a short period and this default is too long.

For example, WebRTC fingerprinting enforces a max duration of 30 days.
WebTransport is even more extreme and requests certs valid for more than
14 days. These certificates are meant to be ephemeral.

Fixes FiloSottile#339 FiloSottile#343
kixelated added a commit to kixelated/mkcert that referenced this issue Mar 25, 2023
@kixelated
Add a -days flag to specify the validity period.
6d3982e 
The hard-coded default of 2 years, 3 months works for most applications.
However, some applications enforce that the certificate is only valid
for a short period and this default is too long.

For example, WebRTC fingerprinting enforces a max duration of 30 days.
WebTransport is even more extreme and rejects certs valid for more than
14 days. These certificates are meant to be ephemeral.

Fixes FiloSottile#339 FiloSottile#343
@kixelated kixelated linked a pull request Mar 25, 2023 that will close this issue
Open
dancewhale pushed a commit to dancewhale/mkcert that referenced this issue Jul 10, 2023
@kixelated @dancewhale
Add a -days flag to specify the validity period.
19f88cc 
The hard-coded default of 2 years, 3 months works for most applications.
However, some applications enforce that the certificate is only valid
for a short period and this default is too long.

For example, WebRTC fingerprinting enforces a max duration of 30 days.
WebTransport is even more extreme and rejects certs valid for more than
14 days. These certificates are meant to be ephemeral.

Fixes FiloSottile#339 FiloSottile#343
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add a -days flag to specify the validity period. kixelated/mkcert
1 participant
@bryanpedini