minimize CA root certificate lifetime

FiloSottile / mkcert

A simple zero-config tool to make locally trusted development certificates with any names you'd like.

https://mkcert.dev

BSD 3-Clause "New" or "Revised" License

49.16k stars 2.54k forks source link

minimize CA root certificate lifetime #337

Open Amel1010 opened 3 years ago

Amel1010 commented 3 years ago

I have a problem on safari browser with ios 13 and 14 devices. the rootCA.pem is installed and exists under trusted certificates on ios device but it still not valid on safari!!

after seeing some replies on the net , certain recommand to minimise the lifetime of the certificate to maximum 825 days. Is it possible with mkcert certificate ? if yes wich release contains this configuration ?

FiloSottile commented 3 years ago

Latest mkcert already limits the lifetime of the website certificate to within the iOS limits. The limits don't apply to the lifetime of the root CA. If you are having issues, update to the latest mkcert and then regenerate the website certificate.