empayre/fleet
14
0
Fork 0
mirror of https://github.com/empayre/fleet.git synced 2024-11-06 00:45:19 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Fixing SSL certificates to make them valid. (#16359)

Browse Source 
SSL certificates have a maximum lifetime of 398 days right now (13
months).

It took me a while to figure out why these were not working via the
macOS keychain (specifically curl and Safari).
It appears the CA certificate can have a longer lifetime, but the SSL
certificates it issues must have a limited lifetime.
This commit is contained in:
Victor Lyuboslavsky 2024-01-31 12:00:59 -06:00 committed by GitHub
parent 6e79ed6a83
commit 4416a68496
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
tools/test-orbit-mtls/gen.sh
View File

@ -20,9 +20,9 @@ openssl genrsa 2048 > client-ca.key
openssl req -new -x509 -nodes -days 1000 -key client-ca.key > client-ca.crt
# Generate a client certificate signing request
openssl req -newkey rsa:2048 -days 1000 -nodes -keyout client.key > client.req
openssl req -newkey rsa:2048 -days 398 -nodes -keyout client.key > client.req
# Have the CA sign the client certificate request and output the client certificate.
openssl x509 -req -in client.req -days 1000 -CA client-ca.crt -CAkey client-ca.key -set_serial 01 > client.crt
openssl x509 -req -in client.req -days 398 -CA client-ca.crt -CAkey client-ca.key -set_serial 01 > client.crt
rm client.req
rm client.req