From 96438f54ebf72576aee22a5f61fe6334b78be1da Mon Sep 17 00:00:00 2001 From: "C. McEnroe" Date: Thu, 16 Jan 2020 11:23:12 -0500 Subject: Set certificate expiry to 10 years I'm pretty sure any kind of "renewing" of these is going to suck, so just set it long enough that the world will probably be ash by then. --- bounce.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/bounce.c b/bounce.c index 6f98cf2..eef6c12 100644 --- a/bounce.c +++ b/bounce.c @@ -59,7 +59,7 @@ static void genKey(const char *path) { snprintf(subj, sizeof(subj), "/CN=%.*s", (int)strcspn(name, "."), name); execlp( LIBRESSL_BIN_PREFIX "openssl", "openssl", "req", - "-x509", "-new", "-newkey", "rsa:4096", "-sha256", "-days", "1000", + "-x509", "-new", "-newkey", "rsa:4096", "-sha256", "-days", "3650", "-nodes", "-subj", subj, "-keyout", path, NULL ); @@ -98,7 +98,7 @@ static void genCert(const char *path, const char *ca) { redir(STDIN_FILENO, rw[0]); execlp( LIBRESSL_BIN_PREFIX "openssl", "openssl", "x509", - "-CA", ca, "-CAcreateserial", "-days", "1000", + "-CA", ca, "-CAcreateserial", "-days", "3650", NULL ); err(EX_UNAVAILABLE, "openssl"); -- cgit 1.4.1