From mboxrd@z Thu Jan  1 00:00:00 1970
From: ummeegge <ummeegge@ipfire.org>
To: development@lists.ipfire.org
Subject: Re: [PATCH] OpenVPN: Valid til days is required with OpenVPN-2.4.x
Date: Mon, 18 Jun 2018 16:05:34 +0200
Message-ID: <1529330734.8691.2.camel@ipfire.org>
In-Reply-To: <002b508cf560f6802a0d7664e8365c60d5ee566d.camel@ipfire.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============3741476167665733470=="
List-Id: <development.lists.ipfire.org>

--===============3741476167665733470==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit

Hi Michael,
yes i think 730 days are a good default. Patch is already made.
Can you merge the already delivered one so i can pull the actual state
and make then an own patch for this ?

Best,

Erik

Am Montag, den 18.06.2018, 14:51 +0100 schrieb Michael Tremer:
> I think that a reasonable default would be 2 years.
> 
> That is already the maximum I would feel comfortable with, but
> certificates
> *must* expire. They should not run for forever.
> 
> But I agree with Tom that there should be an easy way to extend the
> certificate
> and that we should have some UI elements that warn when a certificate
> is going
> to expire in the next ~30 days or so.
> 
> @Erik: Would you be up for implementing this?
> 
> Best,
> -Michael
> 


--===============3741476167665733470==--