[GH-ISSUE #24] Customizable certificate expiration #21

Closed
opened 2026-02-26 03:33:30 +03:00 by kerem · 1 comment
Owner

Originally created by @laurivosandi on GitHub (Jan 25, 2017).
Original GitHub issue: https://github.com/laurivosandi/certidude/issues/24

When certificate is going to be signed UI could show a popup where following can be adjusted:

  • Certificate expires in X years, as predefined in /etc/certidude/server.conf
  • Certificate expires when user account expires in AD
  • Certificate expires at particular date handpicked by the

When automatic enrollment is possible certificate expiration policy could be defined in /etc/certidude/server.conf.

Cronjob for automatically revoking certificates for disabled/deleted computer/user accounts should be added. To consistently map users to certificates perhaps SID should be added into the certificate somehow?

Originally created by @laurivosandi on GitHub (Jan 25, 2017). Original GitHub issue: https://github.com/laurivosandi/certidude/issues/24 When certificate is going to be signed UI could show a popup where following can be adjusted: * Certificate expires in X years, as predefined in ```/etc/certidude/server.conf``` * Certificate expires when user account expires in AD * Certificate expires at particular date handpicked by the When automatic enrollment is possible certificate expiration policy could be defined in ```/etc/certidude/server.conf```. Cronjob for automatically revoking certificates for disabled/deleted computer/user accounts should be added. To consistently map users to certificates perhaps SID should be added into the certificate somehow?
kerem closed this issue 2026-02-26 03:33:30 +03:00
Author
Owner

@laurivosandi commented on GitHub (May 11, 2018):

Currently /etc/certidude/profile.conf allows setting lifetime for particular signature profile, an example is here: https://github.com/laurivosandi/certidude/blob/master/certidude/templates/server/profile.conf

<!-- gh-comment-id:388455597 --> @laurivosandi commented on GitHub (May 11, 2018): Currently /etc/certidude/profile.conf allows setting lifetime for particular signature profile, an example is here: https://github.com/laurivosandi/certidude/blob/master/certidude/templates/server/profile.conf
Sign in to join this conversation.
No labels
pull-request
No milestone
No project
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/certidude-laurivosandi#21
No description provided.