On 4/23/20 12:20 PM, Fabian Grünbichler wrote:
> if our self-signed certificate expires in more than 825 days, but was
> created after July 2019 it won't be accepted by modern Apple devices. we
> fixed the issuance to generate shorter-lived certificates in November
> 2019, this cleans up the existing ones to fix this and similar future
> issues.
>
> two years / 730 days as cut-off was chosen since it's our new maximum
> self-signed certificate lifetime, and should thus catch all old-style
> certificates.
>
> another positive side-effect is that we can now phase out support for
> older certificates faster, e.g. if we want to move to bigger keys,
> different signature algorithms, or anything else in that direction.
>
> Signed-off-by: Fabian Grünbichler <f.gruenbich...@proxmox.com>
> ---
> I'd also be fine with reducing both even more, e.g. to 1 year ;)
>
>  bin/pveupdate | 15 ++++++++++++---
>  1 file changed, 12 insertions(+), 3 deletions(-)
>
applied, thanks!

_______________________________________________
pve-devel mailing list
pve-devel@pve.proxmox.com
https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
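
Added example, not code from the patch or from Proxmox: a shell version of the cut-off check the quoted commit message describes, flagging a certificate for renewal when it is still valid 730 days from now. The function names, file names and sample certificates are constructed for illustration, and the `openssl` CLI is assumed to be installed.

```shell
#!/bin/sh
# Cut-off from the commit message above: two years / 730 days.
CUTOFF_DAYS=730

# Exit 0 if the certificate is still valid CUTOFF_DAYS from now.
# `x509 -checkend N` exits 0 when the cert does NOT expire within N seconds.
cert_outlives_cutoff() {
    openssl x509 -in "$1" -noout -checkend $((CUTOFF_DAYS * 86400)) >/dev/null 2>&1
}

# Prints renew / keep / error for one PEM file (hypothetical helper).
audit_cert() {
    # An unreadable or non-certificate file must not be reported as "keep".
    if ! openssl x509 -in "$1" -noout >/dev/null 2>&1; then
        echo "error"; return 2
    fi
    if cert_outlives_cutoff "$1"; then
        echo "renew"    # lifetime exceeds the cut-off: old-style certificate
    else
        echo "keep"     # expires within the cut-off: new-style lifetime
    fi
}

# Constructed sample input: throwaway self-signed cert valid for $2 days.
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days "$2" \
        -subj "/CN=constructed-example" \
        -keyout "$1.key" -out "$1" >/dev/null 2>&1
}

demo() {
    dir=$(mktemp -d) || return 1
    make_sample_cert "$dir/old-style.pem" 3650   # constructed long-lived cert
    make_sample_cert "$dir/new-style.pem" 700    # constructed short-lived cert
    for f in "$dir/old-style.pem" "$dir/new-style.pem" "$dir/missing.pem"; do
        echo "$(basename "$f"): $(audit_cert "$f")"
    done
    rm -rf "$dir"
}
demo
```

This implements only the remaining-lifetime cut-off, so a certificate that has already expired also reports `keep` and needs a separate expiry check.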