Bernhard.Linz/openvpn-install
1
0
Fork 0
mirror of https://github.com/angristan/openvpn-install.git synced 2025-12-14 16:17:03 +01:00
Code Issues Projects Releases Wiki Activity

refactor: improve certificate duration variable naming (#1329)

Browse Source 
## Summary

- Rename constants to `DEFAULT_CERT_VALIDITY_DURATION_DAYS` and
`DEFAULT_CRL_VALIDITY_DURATION_DAYS` for clarity
- Replace all hardcoded `3650` values with the constants
- Split `DAYS_VALID` into `CLIENT_CERT_DURATION_DAYS` and
`SERVER_CERT_DURATION_DAYS` for more granular control over client vs
server certificate validity
- Increase CRL validity to 15 years (5475 days) to provide a 5-year
safety buffer over the default 10-year certificate validity
- Update README with new headless install variables

## Breaking changes

- `DAYS_VALID` environment variable is replaced by
`CLIENT_CERT_DURATION_DAYS` and `SERVER_CERT_DURATION_DAYS`
This commit is contained in:
Stanislas
2025-12-09 23:33:57 +01:00
committed by GitHub
parent f9a544104e
commit ffcffac061
3 changed files with 35 additions and 32 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
README.md
View File

@@ -89,7 +89,8 @@ If you want to customise your installation, you can export them or specify them
- `CLIENT=clientname`
- `PASS=1`
- `MULTI_CLIENT=n`
- `DAYS_VALID=3650`
- `CLIENT_CERT_DURATION_DAYS=3650`
- `SERVER_CERT_DURATION_DAYS=3650`
If the server is behind NAT, you can specify its endpoint with the `ENDPOINT` variable. If the endpoint is the public IP address which it is behind, you can use `ENDPOINT=$(curl -4 ifconfig.co)` (the script will default to this). The endpoint can be an IPv4 or a domain.