Change Certificate Manager Default Internal Certificate Lifetime



  • As title.

    Is there a way to change the default Certificate Lifetime for new certs in Certificate Manager from 3650 days to another value?

    I've poured through the General & Advanced settings and cannot find anything obvious. If it's a Tunable, can someone advise the name & value?


  • LAYER 8 Global Moderator

    You would have to edit php file used when creating cert..

    https://github.com/pfsense/pfsense/blob/master/src/usr/local/www/system_certmanager.php

    if ($act == "new") {
    	$pconfig['method'] = $_POST['method'];
    	$pconfig['keylen'] = "2048";
    	$pconfig['digest_alg'] = "sha256";
    	$pconfig['csr_keylen'] = "2048";
    	$pconfig['csr_digest_alg'] = "sha256";
    	$pconfig['csrsign_digest_alg'] = "sha256";
    	$pconfig['type'] = "user";
    	$pconfig['lifetime'] = "3650";
    }
    

    Keep in mind that would be reverted every time you updated pfsense and that file gets redone, etc.