Change default security certificate expiration time

Hello,

The self-signed certificates created during install and SVM creation will expire after 365 days.

When I install the system I can change these certificates as described here: https://kb.netapp.com/support/index?page=content&id=1014389

But when the customer creates a new SVM, the new certificate is only valid for 365 days and must be replaced manually.

Is there a way that all new certificates will be valid for 3650 days?

Or are there certificates that will be renewed automatically?

I want to prevent the customer from getting problems because certificates have expired.

Regards

Stefan

Re: Change default security certificate expiration time

I am but a dumb OCI guy, but that KB doesn't mention the -expire-days CLI option, where you can override the default 365-day value with as much as 36510.

Re: Change default security certificate expiration time

This is when creating a new certificate on the CLI by entering the commands. I'm asking for a way that all new certificates will be created with a longer time period.

So that there is no need for replacing the certificate after creating a new SVM.

 

Re: Change default security certificate expiration time

Hi,

I believe the default expiration date of self-signed security certificates is 365 days since it is recommended to renew certificates every year for security reasons.

Regards,

AJ

Re: Change default security certificate expiration time

Still not answering the question. What I believe is being asked is if there is a file that can be modified so that all new security certificates default to 3650 days instead of 365 days, or is there a hidden switch in the vserver setup or vserver create command line that would change the default of 365 days to 3650 days when the security certificate is created automatically with SVM creation? This would really help for automation so one did not have to go back in after the SVM creation to create and install a new certificate. For a self-signed certificate, it should be the customer's option of default certificate expiry, not a dictated one.