[tech] client certificate expiry
mbays at sdf.org
Thu Mar 25 22:44:59 GMT 2021
Does it make sense to give a self-signed client certificate an
expiration date? I think not, and therefore according to RFC5280 section
220.127.116.11, notAfter should be set to 9999-12-31 23:59.
The same goes for self-signed server certificates, but I mention this in
the context of client certs because the notAfter time gives a way to
fingerprint clients. So it would be good for clients which generate
client certs to agree on this.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 195 bytes
Desc: not available
More information about the Gemini