mkcert icon indicating copy to clipboard operation
mkcert copied to clipboard

Published 20 hours ago verified publisher icon FiloSottile

Decrease the certificate expiry date

Open i8degrees opened this issue 3 years ago • 5 comments

  • The certificate expiry date has been modified from 2 years, 3 months to 13 months (397 days). This allows for passing SSL certificate checks that validate the expiry date of the issued server certificate, such as Google Chrome on the Android 11 platform.

Note that this change only effects the issuing of server certificates and not the root certificate itself.

i8degrees avatar Nov 15 '21 05:11 i8degrees

AFAIK, the 397 days requirement is only applied to the system roots, not to user-installed roots. Does this only apply to rooted Android devices where the mkcert root is added to the system roots?

FiloSottile avatar Apr 25 '22 16:04 FiloSottile

Can confirm that building @i8degrees branch fix my issues with chrome on Android. I no longer have "ERR_CERT_VALIDITY_TOO_LONG".

Kiblyn11 avatar May 25 '22 16:05 Kiblyn11

Was the mkcert root added to the system store by rooting Android?

FiloSottile avatar May 25 '22 17:05 FiloSottile

Yes, mkcert root was added to the trust. Some apps were working fine, some were'nt. I knew why when hitting Chrome issue "ERR_CERT_VALIDITY_TOO_LONG". App who used classic Android APIs were fine, Apps who used webview throwed errors.

Kiblyn11 avatar May 25 '22 17:05 Kiblyn11

@FiloSottile

Yes, the mkcert root cert was added to the system store by rooting my Android device.

I would not quote me on this, but I do want to agree with @Kiblyn11 in that I observed the same error pattern occurring only when the apps utilized the WebView framework.

I apologize for such a late reply.

i8degrees avatar Sep 19 '22 00:09 i8degrees