starred/certidude-laurivosandi
1
0
Fork 0
mirror of https://github.com/laurivosandi/certidude.git synced 2026-04-25 08:35:55 +03:00
Code Issues 29 Projects Releases Packages Wiki Activity

[GH-ISSUE #24] Customizable certificate expiration #21

New issue
Closed
opened 2026-02-26 03:33:30 +03:00 by kerem · 1 comment
kerem commented 2026-02-26 03:33:30 +03:00
Owner
Copy link

Originally created by @laurivosandi on GitHub (Jan 25, 2017).
Original GitHub issue: https://github.com/laurivosandi/certidude/issues/24

When certificate is going to be signed UI could show a popup where following can be adjusted:

  • Certificate expires in X years, as predefined in /etc/certidude/server.conf
  • Certificate expires when user account expires in AD
  • Certificate expires at particular date handpicked by the

When automatic enrollment is possible certificate expiration policy could be defined in /etc/certidude/server.conf.

Cronjob for automatically revoking certificates for disabled/deleted computer/user accounts should be added. To consistently map users to certificates perhaps SID should be added into the certificate somehow?

Originally created by @laurivosandi on GitHub (Jan 25, 2017). Original GitHub issue: https://github.com/laurivosandi/certidude/issues/24 When certificate is going to be signed UI could show a popup where following can be adjusted: * Certificate expires in X years, as predefined in ```/etc/certidude/server.conf``` * Certificate expires when user account expires in AD * Certificate expires at particular date handpicked by the When automatic enrollment is possible certificate expiration policy could be defined in ```/etc/certidude/server.conf```. Cronjob for automatically revoking certificates for disabled/deleted computer/user accounts should be added. To consistently map users to certificates perhaps SID should be added into the certificate somehow?
kerem closed this issue 2026-02-26 03:33:30 +03:00
kerem commented 2026-02-26 03:33:31 +03:00
Author
Owner
Copy link

@laurivosandi commented on GitHub (May 11, 2018):

Currently /etc/certidude/profile.conf allows setting lifetime for particular signature profile, an example is here: https://github.com/laurivosandi/certidude/blob/master/certidude/templates/server/profile.conf

<!-- gh-comment-id:388455597 --> @laurivosandi commented on GitHub (May 11, 2018): Currently /etc/certidude/profile.conf allows setting lifetime for particular signature profile, an example is here: https://github.com/laurivosandi/certidude/blob/master/certidude/templates/server/profile.conf
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
dev
No results found.
Labels
Clear labels   
pull-request

Mirrored from GitHub Pull Request

No labels
pull-request
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/certidude-laurivosandi#21
No description provided.