fix: generate server certificates with a max duration of 825 days
divdavem committed Sep 6, 2024
1 parent 3e8a9a4 commit d068c00
Showing 1 changed file with 6 additions and 2 deletions.
8 changes: 6 additions & 2 deletions packages/app/server/tls/certs.ts
@@ -1,6 +1,8 @@
import { pki, md, util } from 'node-forge';

const TEN_YEARS_IN_MS = 10 * 365 * 24 * 60 * 60 * 1000;
// Validity max duration in ms:
// Apple requires 825 days or fewer (cf https://support.apple.com/en-us/103769)
const VALIDITY_DURATION = 825 * 24 * 60 * 60 * 1000;

interface CertificateOptions {
issuer?: pki.Certificate;
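Review bot: VALIDITY_DURATION, declared at the top of this hunk, carries neither the fact that it is an upper bound nor its unit in its name, although its comment states both; a name such as MAX_VALIDITY_MS would keep the call site readable without the comment. The comment could also say that the 825-day limit concerns server certificates, as the commit message does, since CertificateOptions makes issuer optional and the same constant is applied to certificates created without one.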
@@ -40,7 +42,9 @@ export async function createCertificate(
const now = Date.now();
cert.serialNumber = `${now}`;
cert.validity.notBefore = new Date(now);
cert.validity.notAfter = issuer ? issuer.validity.notAfter : new Date(now + TEN_YEARS_IN_MS);
cert.validity.notAfter = new Date(

Check warning on line 45 in packages/app/server/tls/certs.ts (Codecov / codecov/patch): Added line #L45 was not covered by tests
Math.min(issuer?.validity.notAfter.getTime() ?? Infinity, now + VALIDITY_DURATION),
);
const subject = [
{
name: 'commonName',
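Review bot: In the new notAfter expression, a call without an issuer falls through `?? Infinity` and gets `now + VALIDITY_DURATION`, so certificates created with no issuer also drop from ten years to 825 days, while the commit message only speaks of server certificates. If the no-issuer path is what produces the signing certificate, please confirm that this is intended, because every certificate issued under it is then clamped to the issuer's notAfter by the Math.min; otherwise keep a separate, longer bound for that case. Codecov also reports line 45 as not covered by tests: a test that creates one certificate with an issuer and one without, and asserts that notAfter minus notBefore is at most 825 days and that notAfter is never later than the issuer's notAfter, would cover both branches.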