Merge pull request #1161 from jaylinski/ca-expiry

Avoid expiring of root certificate authority
2026-02-05 00:20:08 +01:00 · 2021-12-21 09:26:13 -05:00
parent 31f33fc5be 1f15953c73
commit 0a4087b15b
1 changed files with 13 additions and 6 deletions
--- a/cli/Valet/Site.php
+++ b/cli/Valet/Site.php
@@ -464,10 +464,15 @@ public function secured()
     *
     * @param  string  $url
     * @param  string  $siteConf  pregenerated Nginx config file contents
-     * @param  int  $caExpireInDays  The mount of days the self signed certificate is valid.
+     * @param  int  $certificateExpireInDays  The number of days the self signed certificate is valid.
+     *                                        Certificates SHOULD NOT have a validity period greater than 397 days.
+     * @param  int  $caExpireInYears  The number of years the self signed certificate authority is valid.
+     *
+     * @see https://github.com/cabforum/servercert/blob/main/docs/BR.md
+     *
     * @return void
     */
-    public function secure($url, $siteConf = null, $caExpireInDays = 368)
+    public function secure($url, $siteConf = null, $certificateExpireInDays = 396, $caExpireInYears = 20)
    {
        $this->unsecure($url);

@@ -477,8 +482,10 @@ public function secure($url, $siteConf = null, $caExpireInDays = 368)

        $this->files->ensureDirExists($this->nginxPath(), user());

-        $this->createCa($caExpireInDays);
-        $this->createCertificate($url, $caExpireInDays);
+        $caExpireInDate = (new \DateTime())->diff(new \DateTime("+{$caExpireInYears} years"));
+
+        $this->createCa($caExpireInDate->format('%a'));
+        $this->createCertificate($url, $certificateExpireInDays);

        $this->files->putAsUser(
            $this->nginxPath($url), $this->buildSecureNginxServer($url, $siteConf)
@@ -488,7 +495,7 @@ public function secure($url, $siteConf = null, $caExpireInDays = 368)
    /**
     * If CA and root certificates are nonexistent, create them and trust the root cert.
     *
-     * @param  int  $caExpireInDays  The mount of days the self signed certificate is valid.
+     * @param  int  $caExpireInDays  The number of days the self signed certificate authority is valid.
     * @return void
     */
    public function createCa($caExpireInDays)
@@ -526,7 +533,7 @@ public function createCa($caExpireInDays)
     * Create and trust a certificate for the given URL.
     *
     * @param  string  $url
-     * @param  int  $caExpireInDays  The mount of days the self signed certificate is valid.
+     * @param  int  $caExpireInDays  The number of days the self signed certificate is valid.
     * @return void
     */
    public function createCertificate($url, $caExpireInDays)