From fa552574986a7f50aa7819ae843d77195f6d90c2 Mon Sep 17 00:00:00 2001 From: "Jose I. Paris" Date: Mon, 8 Jul 2024 20:04:25 +0200 Subject: [PATCH] chore(deployment): add certificate expiration in file CA example Signed-off-by: Jose I. Paris --- deployment/chainloop/README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/deployment/chainloop/README.md b/deployment/chainloop/README.md index f062a4b93..eee069f81 100644 --- a/deployment/chainloop/README.md +++ b/deployment/chainloop/README.md @@ -371,12 +371,12 @@ secretsBackend: *This feature is experimental, as it doesn't yet support verification.* You can enable keyless signing mode by providing a custom Certificate Authority. -For example, these commands generate a self-signed certificate with an RSA private key of length 4096 and AES256 encryption: +For example, these commands generate a self-signed certificate with an RSA private key of length 4096 and AES256 encryption with a validity of 365 days: ```bash > openssl genrsa -aes256 -out ca.key 4096 ... -> openssl req -new -x509 -sha256 -key ca.key -out ca.crt +> openssl req -new -x509 -sha256 -key ca.key -out ca.crt -days 365 ... ```