[GH-ISSUE #337] minimize CA root certificate lifetime #219

Open
opened 2026-02-25 22:32:53 +03:00 by kerem · 2 comments
Owner

Originally created by @Amel1010 on GitHub (Feb 10, 2021).
Original GitHub issue: https://github.com/FiloSottile/mkcert/issues/337

I have a problem in the Safari browser on iOS 13 and 14 devices. The rootCA.pem is installed and exists under trusted certificates on the iOS device, but it is still not valid in Safari!!

After seeing some replies on the net, some recommend minimising the lifetime of the certificate to a maximum of 825 days.
Is it possible with an mkcert certificate? If yes, which release contains this configuration?


@FiloSottile commented on GitHub (Feb 10, 2021):

Latest mkcert already limits the lifetime of the website certificate to within the iOS limits. The limits don't apply to the lifetime of the root CA. If you are having issues, update to the latest mkcert and then regenerate the website certificate.


@xzxiaoshan commented on GitHub (Dec 12, 2024):

> Latest mkcert already limits the lifetime of the website certificate to within the iOS limits. The limits don't apply to the lifetime of the root CA. If you are having issues, update to the latest mkcert and then regenerate the website certificate.

Android also has other duration issues, and the best solution should be to provide parameters when creating certificates to set the validity period (days).
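
The distinction drawn in the maintainer's reply, written as a check (an added example, not part of the thread and not mkcert's code): leaf certificates are held to the 825-day figure quoted in the issue, while CA certificates are exempt. The names `lifetimeOK`, `issue` and `maxLeafDays`, and the in-memory certificates, are constructed for this illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

const maxLeafDays = 825 // figure quoted in the issue, assumed here as the leaf limit

// lifetimeOK exempts CA certificates and requires a leaf's validity period to be <= maxLeafDays.
func lifetimeOK(cert *x509.Certificate) bool {
	return cert.IsCA || cert.NotAfter.Sub(cert.NotBefore) <= maxLeafDays*24*time.Hour
}

// issue (hypothetical helper) creates a constructed certificate valid for `days` days;
// with a nil parent it is self-signed.
func issue(cn string, days int, isCA bool, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	now := time.Now().UTC() // UTC so AddDate adds exact 24-hour days
	tpl := &x509.Certificate{
		SerialNumber: big.NewInt(now.UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: now, NotAfter: now.AddDate(0, 0, days),
		IsCA: isCA, BasicConstraintsValid: true,
	}
	if parent == nil {
		parent, parentKey = tpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

func main() {
	root, rootKey, _ := issue("constructed root", 3650, true, nil, nil)
	leaf, _, _ := issue("constructed leaf", 3650, false, root, rootKey)
	fmt.Println("root ok:", lifetimeOK(root), "| 3650-day leaf ok:", lifetimeOK(leaf))
}
```

To check a real certificate instead, decode its PEM file and pass the result of `x509.ParseCertificate` to `lifetimeOK`.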
