mc/metacrypt
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Change default intermediate issuer expiry from 5y to 3y

Browse Source 
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Kyle Isom
2026-03-15 00:52:01 -07:00
parent 0f1d58a9b8
commit bb09d04997
2 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
internal/engine/ca/ca.go
View File

@@ -498,7 +498,7 @@ func (e *CAEngine) handleCreateIssuer(ctx context.Context, req *engine.Request)
keySize = int(v)
}
expiry := "43800h" // 5 years default
expiry := "26280h" // 3 years default
if v, ok := req.Data["expiry"].(string); ok && v != "" {
expiry = v
}

2
internal/engine/ca/types.go
View File

@@ -16,7 +16,7 @@ type IssuerConfig struct {
Name string `json:"name"`
KeyAlgorithm string `json:"key_algorithm"`
KeySize int `json:"key_size"`
Expiry string `json:"expiry"` // issuer cert expiry, e.g. "43800h" (5 years)
Expiry string `json:"expiry"` // issuer cert expiry, e.g. "26280h" (3 years)
MaxTTL string `json:"max_ttl"` // max leaf cert TTL, e.g. "8760h" (1 year)
CreatedBy string `json:"created_by"`
CreatedAt time.Time `json:"created_at"`