The link at [1] does not talk about self-signed certificates at all, only about DV and OV certificates. I agree that make-ssl-cert should have an option for the lifetime of the generated certificate, but I don't think that 825 days should be the default for 'generate-default-snakeoil'. If you have an official certificate, you don't have to do anything on the clients to make it trusted, but for a self-signed certificate, you have to distribute the certificate manually. Having to do this every 2.5 years seems excessive.

[1] https://cabforum.org/2017/03/17/ballot-193-825-day-certificate-lifetimes/

https://bugs.launchpad.net/bugs/1853021
Title: ssl-cert generate-default-snakeoil provides no way to override default 10 year expiration or reduce to 825 day expiration