step-ca: Allow longer validity for ACME certificates

By default, step-ca issues certificates that are valid for only one day. This means that clients need to have multiple renew attempts scheduled throughout the day, otherwise, missing one could mean having their certificates expire. This is unnecessary, and not even possible in all cases, so let's make the default validity period longer and avoid the issue.
2024-06-22 19:41:15 -05:00
parent 858bad55ca
commit 2ce1821667
1 changed files with 5 additions and 1 deletions
--- a/step-ca/ca.json
+++ b/step-ca/ca.json
@@ -25,7 +25,11 @@
 		"provisioners": [
 			{
 				"type": "ACME",
-				"name": "acme"
+				"name": "acme",
+				"claims": {
+					"maxTLSCertDuration": "744h",
+					"defaultTLSCertDuration": "168h"
+				}
 			},
 			{
 				"type": "OIDC",