authorErich Eckner <git@eckner.net>2019-09-02 10:57:31 +0200
committerErich Eckner <git@eckner.net>2019-09-02 12:03:10 +0200
commitdfbcea79b227d150e2f5a35f9172f4f12d025fc2 (patch)
treead00fe538d8acbc311839d2d1bb101ec4b835349
parent1528df30f0084924b3ab49c0083438479ecb7838 (diff)
shorter lifetime for certs
-rw-r--r--etc/ca.conf6
-rw-r--r--etc/server.conf2
2 files changed, 4 insertions, 4 deletions
diff --git a/etc/ca.conf b/etc/ca.conf
index 0b768e0..74c4065 100644
--- a/etc/ca.conf
+++ b/etc/ca.conf
@@ -46,7 +46,7 @@ serial = $dir/ca/$ca/db/$ca.crt.srl # Serial number file
crlnumber = $dir/ca/$ca/db/$ca.crl.srl # CRL number file
database = $dir/ca/$ca/db/$ca.db # Index file
unique_subject = no # Require unique subject
-default_days = 3652 # How long to certify for
+default_days = 365 # How long to certify for
default_md = sha1 # MD to use
policy = match_pol # Default naming policy
email_in_dn = no # Add email to cert DN
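Review bot: `default_md = sha1`, on the line right after the changed `default_days`, is left untouched, so certificates issued under the new, shorter lifetime are still signed with SHA-1. SHA-1 no longer offers collision resistance, and current TLS clients reject SHA-1-signed certificates. Since this commit is already tightening the issuance policy, I would change the line to `default_md = sha256 # MD to use` here and in the `[ signing_ca ]` section (third hunk), where the same line appears. The section these lines belong to starts above the hunk, so its name is not visible here.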
@@ -55,7 +55,7 @@ name_opt = ca_default # Subject DN display options
cert_opt = ca_default # Certificate display options
copy_extensions = none # Copy extensions from CSR
x509_extensions = signing_ca_ext # Default cert extensions
-default_crl_days = 365 # How long before next CRL
+default_crl_days = 30 # How long before next CRL
crl_extensions = crl_ext # CRL extensions
[ signing_ca ]
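Review bot: With `default_crl_days = 30` each CRL carries a nextUpdate only 30 days out, and nothing visible in this hunk says how or when the CRL is re-issued. A relying party that enforces nextUpdate will treat revocation status as unavailable once the CRL goes stale, so the shorter window creates a recurring operational duty. I would put that next to the value, e.g. a comment line `# CRL must be re-issued (openssl ca -gencrl) at least every 30 days`, and confirm that a scheduled job covers this CA.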
@@ -66,7 +66,7 @@ serial = $dir/ca/$ca/db/$ca.crt.srl # Serial number file
crlnumber = $dir/ca/$ca/db/$ca.crl.srl # CRL number file
database = $dir/ca/$ca/db/$ca.db # Index file
unique_subject = no # Require unique subject
-default_days = 730 # How long to certify for
+default_days = 90 # How long to certify for
default_md = sha1 # MD to use
policy = match_pol # Default naming policy
email_in_dn = no # Add email to cert DN
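Review bot: Certificates issued with `default_days = 90` during the last 90 days of the signing CA certificate's validity would outlive their issuer. That certificate now appears to get only 365 days, from the first hunk's section, judging by its `x509_extensions = signing_ca_ext`. As far as I know `openssl ca` does not clamp a certificate's notAfter to the issuer's, so such chains would stop validating when the signing CA certificate expires, not when the leaf does. I would document the renewal rule beside the value, e.g. `# signing CA cert must be renewed at least 90 days before it expires`, or else choose the two lifetimes so the overlap is explicit.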
diff --git a/etc/server.conf b/etc/server.conf
index a17e361..337a7a4 100644
--- a/etc/server.conf
+++ b/etc/server.conf
@@ -20,7 +20,7 @@ req_extensions = server_reqext # Desired extensions
0.domainComponent = "net"
1.domainComponent = "eckner"
organizationName = "Eckner Net"
-organizationalUnitName = "Eckner Net"
+organizationalUnitName = "Eckner Net Https"
commonName = $ENV::CN
[ server_reqext ]