Cert Manager
-
Is it time to revisit the default cert lifetime defaults in the web GUI?
https://www.theregister.co.uk/2020/02/20/apple_shorter_cert_lifetime/
TLDR: Safari will, later this year, no longer accept new HTTPS certificates that expire more than 13 months from their creation date.
-
Luckily the Let's Encrypt lifetime is ninety days anyway. ;-)
-Rico
-
it's time to ditch safari
it's funny to see how apple can rule the world
-
BTW: jimp covered how to set up Let's Encrypt for the pfSense GUI in his great Let's Encrypt on pfSense hangout: https://www.netgate.com/resources/videos/lets-encrypt-on-pfsense.html
-Rico
-
@kiokoman said in Cert Manager:
it's time to ditch safari
it's funny to see how apple can rule the world
I doubt it will just be Apple.
"Cutting certificate lifetimes has been mulled by Apple, Google, and other members of CA/Browser for months. The policy has its benefits and drawbacks"
-
Already updated.
https://redmine.pfsense.org/issues/9825
-
@pfSenseTest said in Cert Manager:
Already updated.
https://redmine.pfsense.org/issues/9825
Yep, we already saw that last week and enacted the lower lifetime. New installs will have the GUI cert set to that lifetime, or you can make a new one with
pfSsh.php playback generateguicert
if you're on a release or snapshot with the change.
Just the GUI cert lifetime change is in 2.4.5, but for 2.5.0 there are more benefits.
For example, the GUI has a visible warning when you exceed the limit for a server cert:
Plus in 2.5.0 where you can renew a cert in the GUI, there is an option to apply the lower limit at that time.
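-
Added example, not part of the thread and not pfSense code: a date-only lifetime check over the output of `openssl x509 -noout -dates`, similar in spirit to the GUI warning mentioned above. The 398-day figure and the 2020-09-01 start date are assumptions taken from Apple's published notice, not from this thread; the function names and sample dates are constructed for illustration.

```python
import ssl
import subprocess

# Assumption (not stated in the thread): Apple published the "13 months" limit
# as 398 days, applying to certificates issued on or after 2020-09-01 00:00 GMT.
# Apple scoped it to certificates chaining to its preinstalled roots; this
# check looks at the dates only.
MAX_VALIDITY_SECONDS = 398 * 86400
POLICY_START = ssl.cert_time_to_seconds("Sep  1 00:00:00 2020 GMT")

def check_lifetime(dates_text):
    """Classify `openssl x509 -noout -dates` output; return (verdict, days)."""
    fields = dict(line.split("=", 1)
                  for line in dates_text.splitlines() if "=" in line)
    not_before = ssl.cert_time_to_seconds(fields["notBefore"].strip())
    not_after = ssl.cert_time_to_seconds(fields["notAfter"].strip())
    lifetime = not_after - not_before
    if not_before < POLICY_START:
        verdict = "predates_policy"   # issued before the limit took effect
    elif lifetime > MAX_VALIDITY_SECONDS:
        verdict = "over_limit"        # longer than 398 days
    else:
        verdict = "ok"
    return verdict, round(lifetime / 86400, 1)

def check_file(pem_path):
    """Run openssl on a PEM certificate file and classify it."""
    result = subprocess.run(
        ["openssl", "x509", "-noout", "-dates", "-in", pem_path],
        check=True, capture_output=True, text=True)
    return check_lifetime(result.stdout)

# Constructed sample outputs, not taken from real certificates.
SAMPLES = {
    "short": "notBefore=Oct  1 00:00:00 2020 GMT\nnotAfter=Oct 31 00:00:00 2021 GMT\n",
    "at_limit": "notBefore=Oct  1 00:00:00 2020 GMT\nnotAfter=Nov  3 00:00:00 2021 GMT\n",
    "long": "notBefore=Oct  1 00:00:00 2020 GMT\nnotAfter=Jan  4 00:00:00 2023 GMT\n",
    "old": "notBefore=Feb 20 00:00:00 2020 GMT\nnotAfter=Feb 17 00:00:00 2030 GMT\n",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(name, *check_lifetime(text))
```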