From bfaf2a8201b83d7369772cb6f2439abe66d9342a Mon Sep 17 00:00:00 2001
From: Kyle McCullough
Date: Mon, 5 Dec 2022 23:12:26 -0800
Subject: acme_server: Configurable default lifetime for issued certificates (#5232)

* acme_server: add certificate lifetime configuration option

Signed-off-by: Kyle McCullough

* pki: allow intermediate cert lifetime to be configured

Signed-off-by: Kyle McCullough

Signed-off-by: Kyle McCullough
---
 caddyconfig/httpcaddyfile/pkiapp.go | 18 +++++++++++++++---
 1 file changed, 15 insertions(+), 3 deletions(-)

(limited to 'caddyconfig/httpcaddyfile')

diff --git a/caddyconfig/httpcaddyfile/pkiapp.go b/caddyconfig/httpcaddyfile/pkiapp.go
index a67ac99..3414636 100644
--- a/caddyconfig/httpcaddyfile/pkiapp.go
+++ b/caddyconfig/httpcaddyfile/pkiapp.go
@@ -15,6 +15,7 @@
 package httpcaddyfile
 
 import (
+ "github.com/caddyserver/caddy/v2"
 "github.com/caddyserver/caddy/v2/caddyconfig"
 "github.com/caddyserver/caddy/v2/caddyconfig/caddyfile"
 "github.com/caddyserver/caddy/v2/modules/caddypki"
@@ -28,9 +29,10 @@ func init() {
 //
 // pki {
 // ca [] {
-// name
-// root_cn
-// intermediate_cn
+// name
+// root_cn
+// intermediate_cn
+// intermediate_lifetime
 // root {
 // cert
 // key
@@ -83,6 +85,16 @@ func parsePKIApp(d *caddyfile.Dispenser, existingVal any) (any, error) {
 }
 pkiCa.IntermediateCommonName = d.Val()
 
+ case "intermediate_lifetime":
+ if !d.NextArg() {
+ return nil, d.ArgErr()
+ }
+ dur, err := caddy.ParseDuration(d.Val())
+ if err != nil {
+ return nil, err
+ }
+ pkiCa.IntermediateLifetime = caddy.Duration(dur)
+
 case "root":
 if pkiCa.Root == nil {
 pkiCa.Root = new(caddypki.KeyPair)
-- 
cgit v1.2.3
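Review bot: The new `intermediate_lifetime` case stores whatever `caddy.ParseDuration` returns, so a zero or negative duration (which the parser appears to accept) reaches `pkiCa.IntermediateLifetime` unchecked, and nothing in this hunk compares it with the root certificate's lifetime. Unless `caddypki` validates the value when the CA is provisioned (not visible in this patch), I would reject it while parsing with `if dur <= 0 { return nil, d.Errf("intermediate_lifetime must be positive, got %s", d.Val()) }`, so a misconfigured CA fails at load time rather than issuing an intermediate that is already expired. The bare `return nil, err` also drops the Caddyfile position that the neighbouring `d.ArgErr()` carries; `return nil, d.Errf("parsing intermediate_lifetime: %v", err)` would keep it. `parsePKIApp` starts and ends outside the hunk.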