hs_pki/design/hs_pki_policy

Root CA cert valid for 6y
Root CA CRL valid for 14m
* need ceremony at least once per y to renew CRL
KC certificates valid for 8m (verify calculation of influence on possible new CA)
CA certs valid for 1y
Certificate depth limited to 1 (so the CA can't issue another CA)
CA CRL valid for 1d (or even less)
End user / device certificates valid for 3m