#7827 Root CA lifetime needs to be capped at 2038
Opened 7 months ago by abbra. Modified 7 months ago

Default root CA lifetime is set to 20 years in FreeIPA. This means installations done since January 2019 are now using expiration time that will not be accepted by Kerberos PKINIT (and may be other areas). This is going to be a big investigation but for time being we should cap the lifetime of the root CA at 2038 timestamp during install.


Metadata Update from @abbra:
- Issue set to the milestone: FreeIPA 4.6

7 months ago

Metadata Update from @abbra:
- Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1660877

7 months ago

Login to comment on this ticket.

Metadata