Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Limit CA and Cert lifetime to 825 days #5

Merged
merged 1 commit into from
Dec 12, 2019
Merged

Limit CA and Cert lifetime to 825 days #5

merged 1 commit into from
Dec 12, 2019

Conversation

RandomByte
Copy link

Resolves ERR_CERT_REVOKED errors in Chrome on macOS 10.15 Catalina.

As decided by the CA/B Forum [1], newly created TLS certificates shall
have a maximum lifetime of 825 days (~27 months).

Apple implemented this in their latest software as a requirement for all
certificates issued after July 1, 2019 [2], presumably causing the
ERR_CERT_REVOKED error in Chrome [3].

Since this fork of devcert follows the idea of forgetting all private
keys after issuing the required certificate(s), there's no point in
giving the CA a longer lifetime than the certificate.

[1] https://cabforum.org/2017/03/17/ballot-193-825-day-certificate-lifetimes/
[2] https://support.apple.com/en-us/HT210176
[3] https://support.google.com/chrome/thread/14551925?hl=en

Resolves #4

Resolves ERR_CERT_REVOKED errors in Chrome on macOS 10.15 Catalina.

As decided by the CA/B Forum [1], newly created TLS certificates shall
have a maximum lifetime of 825 days (~27 months).

Apple implemented this in their latest software as a requirement for all
certificates issued after July 1, 2019 [2], presumably causing the
ERR_CERT_REVOKED error in Chrome [3].

Since this fork of devcert follows the idea of forgetting all private
keys after issuing the required certificate(s), there's no point in
giving the CA a longer lifetime than the certificate.

[1] https://cabforum.org/2017/03/17/ballot-193-825-day-certificate-lifetimes/
[2] https://support.apple.com/en-us/HT210176
[3] https://support.google.com/chrome/thread/14551925?hl=en

Resolves #4
@RandomByte
Copy link
Author

Just noticed that upstream fixed this the same way: davewasmer#45 😅 👍

@guybedford guybedford merged commit 8dd4c96 into guybedford:master Dec 12, 2019
@guybedford
Copy link
Owner

Ha good to see! Thanks for the PR. I've published 0.4.6.

@RandomByte
Copy link
Author

Great this worked out so fast. Thanks a lot!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Chrome on macOS Catalina shows ERR_CERT_REVOKED for certs with validity over 825 days
2 participants