[GH-ISSUE #324] Can i specify the expiration date instead of 2 years 3 month? #208

New issue

Closed

opened 2026-02-25 22:32:52 +03:00 by kerem · 4 comments

kerem commented

2026-02-25 22:32:52 +03:00

Owner

Originally created by @bestplay on GitHub (Dec 30, 2020).
Original GitHub issue: https://github.com/FiloSottile/mkcert/issues/324

github.com/FiloSottile/mkcert@1a5aaff12e/cert.go (L62)

I need more longer expiration time for self signed certs, not only for IOS/MAC.

Originally created by @bestplay on GitHub (Dec 30, 2020). Original GitHub issue: https://github.com/FiloSottile/mkcert/issues/324 https://github.com/FiloSottile/mkcert/blob/1a5aaff12e0edb54f32ce187079d05c4a1ffd19b/cert.go#L62 I need more longer expiration time for self signed certs, not only for IOS/MAC.

kerem closed this issue

2026-02-25 22:32:52 +03:00

kerem commented

2026-02-25 22:32:52 +03:00

Author

Owner

@FiloSottile commented on GitHub (Jan 24, 2021):

Sorry, but mkcert is an opinionated tool that aims to hide all the complexity it can from developers, not a general purpose local CA management tool. We're not going to make the lifetime configurable when that can make the certificates mysteriously fail on some platforms.

@FiloSottile commented on GitHub (Jan 24, 2021): Sorry, but mkcert is an opinionated tool that aims to hide all the complexity it can from developers, not a general purpose local CA management tool. We're not going to make the lifetime configurable when that can make the certificates mysteriously fail on some platforms.

kerem commented

2026-02-25 22:32:52 +03:00

Author

Owner

@BenjaminNolan commented on GitHub (Jan 20, 2023):

So, Apple changed their security policies in April 2021 after this ticket was closed, and the new policies reject any certificates over a year in expiration without certain other requirements attached to them. I appreciate this is an opinionate tool, however the ability to generate a temporary certificate with a 3-6 month length would be very useful for people developing on macOS versions >= 10.14. https://sslmate.com/blog/post/apples_new_ct_policy has an explanation of exactly what they changed in it, which I'm hoping means more to you than me (SSL's internals isn't really in my wheelhouse!)

@BenjaminNolan commented on GitHub (Jan 20, 2023): So, Apple changed their security policies in April 2021 after this ticket was closed, and the new policies reject any certificates over a year in expiration without certain other requirements attached to them. I appreciate this is an opinionate tool, however the ability to generate a temporary certificate with a 3-6 month length would be very useful for people developing on macOS versions >= 10.14. https://sslmate.com/blog/post/apples_new_ct_policy has an explanation of exactly what they changed in it, which I'm hoping means more to you than me (SSL's internals isn't really in my wheelhouse!)

kerem commented

2026-02-25 22:32:52 +03:00

Author

Owner

@ruan11223344 commented on GitHub (Jan 31, 2024):

i think you can modify this line . then recompile and generate binaries to replace the original binaries

the build command is :go build -ldflags="-s -w -X main.Version=v[input your version]"

@ruan11223344 commented on GitHub (Jan 31, 2024): i think you can modify this line . then recompile and generate binaries to replace the original binaries ![image](https://github.com/FiloSottile/mkcert/assets/5679023/f1085929-1be3-4194-9808-2a855728039b) the build command is :go build -ldflags="-s -w -X main.Version=v[input your version]"

kerem commented

2026-02-25 22:32:52 +03:00

Author

Owner

@xinnjie commented on GitHub (Feb 2, 2025):

So, Apple changed their security policies in April 2021 after this ticket was closed, and the new policies reject any certificates over a year in expiration without certain other requirements attached to them. I appreciate this is an opinionate tool, however the ability to generate a temporary certificate with a 3-6 month length would be very useful for people developing on macOS versions >= 10.14. https://sslmate.com/blog/post/apples_new_ct_policy has an explanation of exactly what they changed in it, which I'm hoping means more to you than me (SSL's internals isn't really in my wheelhouse!)

Until today 2025/2/1, root certificate (validate for 10 years) produced by mkcert is still usable on IPhone. Though Apple seems to add an extra step. We need to trust the certicate in Certificate Trust Setting.

So for this mac/ios use case, specifying expiration date is still not needed. @BenjaminNolan

@xinnjie commented on GitHub (Feb 2, 2025): > So, Apple changed their security policies in April 2021 after this ticket was closed, and the new policies reject any certificates over a year in expiration without certain other requirements attached to them. I appreciate this is an opinionate tool, however the ability to generate a temporary certificate with a 3-6 month length would be very useful for people developing on macOS versions >= 10.14. https://sslmate.com/blog/post/apples_new_ct_policy has an explanation of exactly what they changed in it, which I'm hoping means more to you than me (SSL's internals isn't really in my wheelhouse!) Until today 2025/2/1, root certificate (validate for 10 years) produced by mkcert is still usable on IPhone. Though Apple seems to add an extra step. We need to trust the certicate in `Certificate Trust Setting`. So for this mac/ios use case, specifying expiration date is still not needed. @BenjaminNolan