From 7f727b791b76147f97bfae2a152f57ad94240106 Mon Sep 17 00:00:00 2001 From: Eric F Crist Date: Mon, 25 Nov 2019 19:17:46 -0600 Subject: [PATCH] Default cert expire down to 825 days * resolves #52 Signed-off-by: Eric F Crist --- easyrsa3/easyrsa | 2 +- easyrsa3/vars.example | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/easyrsa3/easyrsa b/easyrsa3/easyrsa index c9d394b..042c5df 100755 --- a/easyrsa3/easyrsa +++ b/easyrsa3/easyrsa @@ -1603,7 +1603,7 @@ Note: using Easy-RSA configuration from: $vars" set_var EASYRSA_CURVE secp384r1 set_var EASYRSA_EC_DIR "$EASYRSA_PKI/ecparams" set_var EASYRSA_CA_EXPIRE 3650 - set_var EASYRSA_CERT_EXPIRE 1080 # new default of 36 months + set_var EASYRSA_CERT_EXPIRE 825 # new default of 36 months set_var EASYRSA_CERT_RENEW 30 set_var EASYRSA_CRL_DAYS 180 set_var EASYRSA_NS_SUPPORT no diff --git a/easyrsa3/vars.example b/easyrsa3/vars.example index 2e11b21..4c77171 100644 --- a/easyrsa3/vars.example +++ b/easyrsa3/vars.example @@ -125,7 +125,7 @@ fi # In how many days should certificates expire? -#set_var EASYRSA_CERT_EXPIRE 1080 +#set_var EASYRSA_CERT_EXPIRE 825 # How many days until the next CRL publish date? Note that the CRL can still be # parsed after this timeframe passes. It is only used for an expected next