Public bug reported: The CA/Browser Forum now has a standard with maximum expiration of 825 days.
References: https://cabforum.org/2017/03/17/ballot-193-825-day-certificate-lifetimes/ https://www.sslshopper.com/cab-forum-reduces-max-cert-validity-to-825-days.html https://support.apple.com/en-us/HT210176 Related previous issue when changed from 30-days to 10-years: "ssl-cert generate-default-snakeoil provides no way to override default 30 day expiration" https://bugs.launchpad.net/ubuntu/+source/ssl-cert/+bug/253512 ** Affects: ssl-cert (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1853021 Title: ssl-cert generate-default-snakeoil provides no way to override default 10 year expiration To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ssl-cert/+bug/1853021/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs