author | Kyle McCullough <kylemcc@gmail.com> | 2022-12-05 23:12:26 -0800 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-12-06 00:12:26 -0700 |
commit | bfaf2a8201b83d7369772cb6f2439abe66d9342a (patch) | |
tree | 6be62eee5163d018dcf2214c77195abeda280ea9 /caddyconfig | |
parent | fef9cb3e05ea071cdfd9ed1a6be5c8dcabf6603e (diff) |
acme_server: Configurable default lifetime for issued certificates (#5232)
* acme_server: add certificate lifetime configuration option
Signed-off-by: Kyle McCullough <kylemcc@gmail.com>
* pki: allow intermediate cert lifetime to be configured
Signed-off-by: Kyle McCullough <kylemcc@gmail.com>
Signed-off-by: Kyle McCullough <kylemcc@gmail.com>
Diffstat (limited to 'caddyconfig')
-rw-r--r-- | caddyconfig/httpcaddyfile/pkiapp.go | 18 |
1 files changed, 15 insertions, 3 deletions
diff --git a/caddyconfig/httpcaddyfile/pkiapp.go b/caddyconfig/httpcaddyfile/pkiapp.go
index a67ac99..3414636 100644
--- a/caddyconfig/httpcaddyfile/pkiapp.go
+++ b/caddyconfig/httpcaddyfile/pkiapp.go
@@ -15,6 +15,7 @@
 package httpcaddyfile
 import (
+ "github.com/caddyserver/caddy/v2"
 "github.com/caddyserver/caddy/v2/caddyconfig"
 "github.com/caddyserver/caddy/v2/caddyconfig/caddyfile"
 "github.com/caddyserver/caddy/v2/modules/caddypki"
@@ -28,9 +29,10 @@ func init() {
 //
 // pki {
 // ca [<id>] {
-// name <name>
-// root_cn <name>
-// intermediate_cn <name>
+// name <name>
+// root_cn <name>
+// intermediate_cn <name>
+// intermediate_lifetime <duration>
 // root {
 // cert <path>
 // key <path>
@@ -83,6 +85,16 @@ func parsePKIApp(d *caddyfile.Dispenser, existingVal any) (any, error) {
 }
 pkiCa.IntermediateCommonName = d.Val()
+ case "intermediate_lifetime":
+ if !d.NextArg() {
+ return nil, d.ArgErr()
+ }
+ dur, err := caddy.ParseDuration(d.Val())
+ if err != nil {
+ return nil, err
+ }
+ pkiCa.IntermediateLifetime = caddy.Duration(dur)
+
 case "root":
 if pkiCa.Root == nil {
 pkiCa.Root = new(caddypki.KeyPair) |
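Review bot: The new `intermediate_lifetime` case in the third hunk stores whatever `caddy.ParseDuration` returns with no range check, so a zero or negative value such as `-1h` passes the Caddyfile adapter unchallenged. Any bound against the root certificate's lifetime would have to be enforced in `caddypki`, which this diffstat (limited to `caddyconfig`) does not show; if it is missing there, an intermediate could be configured to outlive its root. I would reject obviously invalid values at parse time with `if dur <= 0 { return nil, d.Errf("intermediate_lifetime must be positive, got %s", d.Val()) }`. The bare `return nil, err` also drops the Caddyfile file and line, and `return nil, d.Errf("parsing intermediate_lifetime: %v", err)` would keep them. The body of `parsePKIApp` starts and ends outside this hunk, so a later check in the same function cannot be ruled out from here.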