Change default security certificate expiration time

sraudonis · ‎2015-12-08

Hello,

the self signed certifiactes creating during install and SVM creation will expire after 365 days.

When i install the system i can change this certificates as described here: https://kb.netapp.com/support/index?page=content&id=1014389

But when the customer creates a new SVM the new certificate is only 365 days valid and must replaced manually.

Is there a way that all new certificates will be valid for 3650 days?

Or are there certificates that will be renew automatically?

I will prevent that the customer will get problems because there are certificates expired.

Regards

Stefan

ostiguy · ‎2015-12-08

I am but a dumb OCI guy, but that KB doesn't mention the -expire-days cli option where you can override the default 365 day value with as much as 36510

sraudonis · ‎2015-12-08

This when creating a new certificate on the CLI by entering the commands. I'm asking for a way that all new certificates will be created with a longer time period.

So that there is no need for replacing the certificate after creating a new SVM.

AJHunt18 · ‎2016-02-03

Hi,

I believe the default expiration date of self-signed security certificates is 365 days since it is recommended to renew certificates every year for security reasons.

Regards,

AJ

KennOwen · ‎2018-01-04

Still not answering the question. What I believe is being asked is if there is a file that can be modified so that all new security certificates default to 3650 days instead of 365 days, or is there a hidden switch in the vserver setup or vserver create command line that would change the default of 365 days to 3650 days when the security certificate is created automatically with SVM creation? This would really help for automation so one did not have to go back in after the SVM creation to create and install a new certificate. For a self signed certificate, it should be the customer option of default certificate expirey, not a dictated one.