💾 Archived View for bbs.geminispace.org › u › mbays › 1131 captured on 2023-12-28 at 18:23:38. Gemini links have been rewritten to link to archived content

View Raw

More Information

⬅️ Previous capture (2023-11-14)

➡️ Next capture (2024-02-05)

🚧 View Differences

-=-=-=-=-=-=-

Comment by 🚀 mbays

Re: "Expiration of self-signed certificates Does it make sense..."

In: s/Gemini

@skyjake Cool, then consider this a feature request for Lagrange, to have that as the default for new client certs!

I guess you're right that in the rare circumstance that you really know the identity should expire after some fixed time, it could make sense to set Not After, because it saves you from having to securely delete the certificate and lets the server know that it can safely forget about you. I'm not sure that having this option is worth all the headaches it can cause, though.

🚀 mbays

May 27 · 7 months ago

2 Later Comments ↓

🤖 alexlehm · 2023-05-27 at 13:21:

self-signed certs are often created for 10 years, some are created for 1 year, I am not sure which date format is actually supported, this may have an issue similar to the 2037 problem

🚀 skyjake · 2023-05-27 at 13:23:

@mbays

— /s/Lagrange-Issues/issues/22

Original Post

🌒 s/Gemini

Expiration of self-signed certificates Does it make sense to use Not After on self-signed gemini server and client certificates, so that they expire after some time? I long ago came to the conclusion that it doesn't make sense, but it still seems to be standard practice, so I'm worried that I may have missed something. Have I? Certainly you shouldn't expect a self-signed certificate to be usable forever -- the private key might be compromised one day, and anyway the underlying encryption will

💬 mbays · 4 comments · May 27 · 7 months ago