13 lines
344 B
Plaintext
13 lines
344 B
Plaintext
Root CA cert valid for 6y
|
|
Root CA CRL valid for 14m
|
|
* need ceremony at least once per y to renew CRL
|
|
|
|
KC certificates valid for 8m (verify calculation of influence on possible new CA)
|
|
|
|
CA certs valid for 1y
|
|
Limited certificate depth to 1 (so it can't issue CA)
|
|
|
|
CA CRL valid for 1d (or even less)
|
|
|
|
End user / device certificates valid for 3m
|