From bfaf2a8201b83d7369772cb6f2439abe66d9342a Mon Sep 17 00:00:00 2001
From: Kyle McCullough <kylemcc@gmail.com>
Date: Mon, 5 Dec 2022 23:12:26 -0800
Subject: acme_server: Configurable default lifetime for issued certificates
 (#5232)

* acme_server: add certificate lifetime configuration option

Signed-off-by: Kyle McCullough <kylemcc@gmail.com>

* pki: allow intermediate cert lifetime to be configured

Signed-off-by: Kyle McCullough <kylemcc@gmail.com>

Signed-off-by: Kyle McCullough <kylemcc@gmail.com>
---
 modules/caddypki/certificates.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'modules/caddypki/certificates.go')

diff --git a/modules/caddypki/certificates.go b/modules/caddypki/certificates.go
index c3b88a1..e300429 100644
--- a/modules/caddypki/certificates.go
+++ b/modules/caddypki/certificates.go
@@ -35,8 +35,8 @@ func generateRoot(commonName string) (*x509.Certificate, crypto.Signer, error) {
 	return root, signer, nil
 }
 
-func generateIntermediate(commonName string, rootCrt *x509.Certificate, rootKey crypto.Signer) (*x509.Certificate, crypto.Signer, error) {
-	template, signer, err := newCert(commonName, x509util.DefaultIntermediateTemplate, defaultIntermediateLifetime)
+func generateIntermediate(commonName string, rootCrt *x509.Certificate, rootKey crypto.Signer, lifetime time.Duration) (*x509.Certificate, crypto.Signer, error) {
+	template, signer, err := newCert(commonName, x509util.DefaultIntermediateTemplate, lifetime)
 	if err != nil {
 		return nil, nil, err
 	}
-- 
cgit v1.2.3