shorter lifetime for certs

author: Erich Eckner <git@eckner.net> 2019-09-02 10:57:31 +0200
committer: Erich Eckner <git@eckner.net> 2019-09-02 12:03:10 +0200
commit: dfbcea79b227d150e2f5a35f9172f4f12d025fc2 (patch)
tree: ad00fe538d8acbc311839d2d1bb101ec4b835349 /etc
parent: 1528df30f0084924b3ab49c0083438479ecb7838 (diff)
download: simple-pki-dfbcea79b227d150e2f5a35f9172f4f12d025fc2.tar.xz
2 files changed, 4 insertions, 4 deletions
diff --git a/etc/ca.conf b/etc/ca.conf
index 0b768e0..74c4065 100644
--- a/etc/ca.conf
+++ b/etc/ca.conf
@@ -46,7 +46,7 @@ serial                  = $dir/ca/$ca/db/$ca.crt.srl # Serial number file
 crlnumber               = $dir/ca/$ca/db/$ca.crl.srl # CRL number file
 database                = $dir/ca/$ca/db/$ca.db # Index file
 unique_subject          = no                    # Require unique subject
-default_days            = 3652                  # How long to certify for
+default_days            = 365                   # How long to certify for
 default_md              = sha1                  # MD to use
 policy                  = match_pol             # Default naming policy
 email_in_dn             = no                    # Add email to cert DN
@@ -55,7 +55,7 @@ name_opt                = ca_default            # Subject DN display options
 cert_opt                = ca_default            # Certificate display options
 copy_extensions         = none                  # Copy extensions from CSR
 x509_extensions         = signing_ca_ext        # Default cert extensions
-default_crl_days        = 365                   # How long before next CRL
+default_crl_days        = 30                    # How long before next CRL
 crl_extensions          = crl_ext               # CRL extensions
 
 [ signing_ca ]
@@ -66,7 +66,7 @@ serial                  = $dir/ca/$ca/db/$ca.crt.srl # Serial number file
 crlnumber               = $dir/ca/$ca/db/$ca.crl.srl # CRL number file
 database                = $dir/ca/$ca/db/$ca.db # Index file
 unique_subject          = no                    # Require unique subject
-default_days            = 730                   # How long to certify for
+default_days            = 90                    # How long to certify for
 default_md              = sha1                  # MD to use
 policy                  = match_pol             # Default naming policy
 email_in_dn             = no                    # Add email to cert DN
diff --git a/etc/server.conf b/etc/server.conf
index a17e361..337a7a4 100644
--- a/etc/server.conf
+++ b/etc/server.conf
@@ -20,7 +20,7 @@ req_extensions          = server_reqext         # Desired extensions
 0.domainComponent       = "net"
 1.domainComponent       = "eckner"
 organizationName        = "Eckner Net"
-organizationalUnitName  = "Eckner Net"
+organizationalUnitName  = "Eckner Net Https"
 commonName              = $ENV::CN
 
 [ server_reqext ]
author	Erich Eckner <git@eckner.net>	2019-09-02 10:57:31 +0200
committer	Erich Eckner <git@eckner.net>	2019-09-02 12:03:10 +0200
commit	dfbcea79b227d150e2f5a35f9172f4f12d025fc2 (patch)
tree	ad00fe538d8acbc311839d2d1bb101ec4b835349 /etc
parent	1528df30f0084924b3ab49c0083438479ecb7838 (diff)
download	simple-pki-dfbcea79b227d150e2f5a35f9172f4f12d025fc2.tar.xz