Hello,
using the django-ca (latest docker image) I realised that the profile's `expires` parameter seems to be ignored. I used the following additional profile, which is mapped into the container via `docker-compose.override.yml`:

```yaml
volumes:
  - ./localsettings.yaml:/usr/src/django-ca/ca/conf/compose/99-localsettings.yaml
```

`localsettings.yaml`:

```yaml
CA_DEFAULT_EXPIRES: 365
CA_PROFILES:
  server_3y:
    description: A certificate for a webserver with 3 years validity time.
    expires: 1095
    extensions:
      extended_key_usage:
        critical: false
        value:
          - serverAuth
      key_usage:
        critical: true
        value:
          - digitalSignature
          - keyEncipherment
    subject: /O=MyOrg/OU=Lab
```

As a result, the certificate contains the correct `subject` and `extensions`, but has the default validity time of 1 year. Giving the parameter `--expires 1095` in addition works for sure.
Could you please verify and solve this as well?
Thank you!

Thanks for the report, I have a fix ready and it will be in the next release.
However, I must note that most (all?) browsers will not accept certificates with a three year validity time anymore. I think one year is the maximum now.

Thank you for fixing the issue. I'm aware of the browser limitations but there might be other use cases, e.g. s2s/c2s VPN. From a security perspective, long-lived certificates are of course not recommended ;-)
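A check for the behaviour reported in this issue, as an added example that is not part of the thread or of django-ca: it reads the output of `openssl x509 -noout -dates` and reports whether a certificate's lifetime matches the profile's `expires` or fell back to `CA_DEFAULT_EXPIRES`. The sample dates, the function names and the one-day tolerance are assumptions; the two settings values are the ones from the report.

```python
from datetime import datetime, timezone

# Values from the localsettings.yaml quoted in the report.
CA_DEFAULT_EXPIRES = 365
PROFILE_EXPIRES = {"server_3y": 1095}

# Constructed sample of `openssl x509 -noout -dates -in cert.pem` output for a
# certificate showing the reported behaviour (365 days instead of 1095).
SAMPLE_DATES = """\
notBefore=Mar  1 12:00:00 2023 GMT
notAfter=Feb 29 12:00:00 2024 GMT
"""


def parse_dates(text):
    """Return (not_before, not_after) parsed from the openssl -dates output."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and key in ("notBefore", "notAfter"):
            # openssl pads single-digit days with a second space; normalise it.
            stamp = " ".join(value.split())
            if not stamp.endswith(" GMT"):
                raise ValueError(f"unexpected timestamp: {value!r}")
            parsed = datetime.strptime(stamp[:-4], "%b %d %H:%M:%S %Y")
            fields[key] = parsed.replace(tzinfo=timezone.utc)
    if len(fields) != 2:
        raise ValueError("notBefore/notAfter not found")
    return fields["notBefore"], fields["notAfter"]


def check_lifetime(text, profile, tolerance_days=1):
    """Return (verdict, actual_days, expected_days) for the given profile."""
    not_before, not_after = parse_dates(text)
    days = (not_after - not_before).total_seconds() / 86400
    expected = PROFILE_EXPIRES.get(profile, CA_DEFAULT_EXPIRES)
    if abs(days - expected) <= tolerance_days:
        verdict = "ok"
    elif abs(days - CA_DEFAULT_EXPIRES) <= tolerance_days:
        verdict = "profile-expires-ignored"  # lifetime equals the CA default
    else:
        verdict = "unexpected"
    return verdict, round(days), expected


if __name__ == "__main__":
    print(check_lifetime(SAMPLE_DATES, "server_3y"))
```
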