sbctl icon indicating copy to clipboard operation
sbctl copied to clipboard
verified publisher icon Foxboron

Feature request: configurable certificate validity period (NotAfter)

Open jo-m opened this issue 6 months ago • 0 comments

Currently, when using sbctl create-keys, the validity period is hardcoded:

	c := x509.Certificate{
		SerialNumber:       serialNumber,
		PublicKeyAlgorithm: x509.RSA,
		SignatureAlgorithm: x509.SHA256WithRSA,
		NotBefore:          time.Now(),
		NotAfter:           time.Now().AddDate(5, 0, 0),
		Subject: pkix.Name{
			Country:    []string{desc},
			CommonName: desc,
		},
	}

time.Now() can be overridden via faketime, but .AddDate(5, 0, 0) cannot.

Would it be possible to allow to configure the period? Or, are there deeper reasons to not do this.

jo-m avatar Jul 17 '25 11:07 jo-m