fix: generate server certificates with a max duration of 825 days (#492)
divdavem authored Nov 28, 2024
1 parent e09b37c commit 0d44d97
Showing 1 changed file with 6 additions and 2 deletions.
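--- a/packages/app/server/tls/certs.ts
+++ b/packages/app/server/tls/certs.ts
@@ -1,6 +1,8 @@
 import { pki, md, util } from 'node-forge';
 
-const TEN_YEARS_IN_MS = 10 * 365 * 24 * 60 * 60 * 1000;
+// Validity max duration in ms:
+// Apple requires 825 days or fewer (cf https://support.apple.com/en-us/103769)
+const VALIDITY_DURATION = 825 * 24 * 60 * 60 * 1000;
 
 interface CertificateOptions {
 issuer?: pki.Certificate;
@@ -40,7 +42,9 @@ export async function createCertificate(
 const now = Date.now();
 cert.serialNumber = `${now}`;
 cert.validity.notBefore = new Date(now);
-cert.validity.notAfter = issuer ? issuer.validity.notAfter : new Date(now + TEN_YEARS_IN_MS);
+cert.validity.notAfter = new Date(
+Math.min(issuer?.validity.notAfter.getTime() ?? Infinity, now + VALIDITY_DURATION),
+);
 const subject = [
 {
 name: 'commonName',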
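Review bot: The 825-day cap in the new `cert.validity.notAfter` assignment also applies when `issuer` is undefined, which looks like the self-signed path that previously got ten years; the call sites are outside the hunk, so this is inferred. The commit title scopes the limit to server certificates, so if this function also creates the issuing certificate, that issuer now expires after 825 days and every leaf it signs is clamped to a shrinking remaining lifetime. Once the issuer has expired, `Math.min` yields a `notAfter` earlier than `notBefore` and the function still returns a certificate. Consider keeping a longer lifetime for the no-issuer case and rejecting an expired issuer before signing, e.g. `if (issuer && issuer.validity.notAfter.getTime() <= now) throw new Error('issuer certificate has expired');`. The body of createCertificate starts and ends outside the hunk.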
