On 4/23/20 1:59 PM, Fabian Grünbichler wrote: > On April 23, 2020 1:07 pm, Dominik Csapak wrote: >> LGTM >> >> maybe we should shorten the lifespan to 1 year already? >> according to [0], safari on macos will reject certs >> that are longer valid than 398 days, when issued on/after >> 2020-09-01 >> >> 0: https://support.apple.com/en-us/HT211025 >> > > forgot to include this tidbit: that change was actually the reason for > looking at it, but it only affects certificates issued by CAs shipped in > the Apple Trust Stores, not those issued by CAs manually trusted by a > user. so our self-signed CA and its certificates are not affected (for > now).
This all makes me thinking... Wouldn't we need to have the PMG also adapt to this? Checked a very recently from (new test) ISO installed test VM gets me a 10 year certificate lifespan.. I mean, there more may use a "trusted" one, but still.. _______________________________________________ pve-devel mailing list pve-devel@pve.proxmox.com https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
