Order URL / notAfter

Hi!

When sending a `notAfter` value (set to 1 day in the future, for example) to the order URL https://api.test4.buypass.no/acme-v02/new-order, the value seems to be ignored and I get a certificate with a lifetime of 180 days.

According to https://datatracker.ietf.org/doc/html/rfc8555#section-7.4:

> The server MUST return an error if it cannot fulfill the request as
> specified, and it MUST NOT issue a certificate with contents other
> than those requested.  If the server requires the request to be
> modified in a certain way, it should indicate the required changes
> using an appropriate error type and description.
>
> If the server is willing to issue the requested certificate, it
> responds with a 201 (Created) response.  The body of this response is
> an order object reflecting the client's request and any
> authorizations the client must complete before the certificate will
> be issued.
  • Hello. I'm really sorry for the late response, but there is no way to change the lifetime of the certificate as of now.

    Have a nice day!

    Best regards, Daniel
    2nd Line, Customer Support.

  • Hello Daniel,

    thank you for the response! Sorry for being unclear in my question. I'm aware that the lifetime is fixed (180 days).

    The problem arises if users of my ACME-Client set a "notAfter" value: this value then gets silently ignored by the server. So the user gets something he did not request.

    The RFC says that the server MUST NOT issue a certificate if it cannot fulfill the request as specified; instead, the server MUST return an error.

    My question is whether you have plans to align your ACME implementation with the RFC in this respect.

    Thanks!

    Stefan
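
One way for an ACME client to catch the behaviour discussed in this thread, as an added example that is not part of the original posts and not Buypass's or any client's own code: compare the `notBefore`/`notAfter` values sent to newOrder with the order object in the 201 response. The function names, the one-second tolerance and the sample order objects are constructed assumptions.

```python
from datetime import datetime, timedelta

def parse_rfc3339(ts):
    """Parse an RFC 3339 timestamp as used in ACME order objects."""
    # datetime.fromisoformat() only accepts a trailing "Z" from Python 3.11 on
    if ts[-1] in "Zz":
        ts = ts[:-1] + "+00:00"
    dt = datetime.fromisoformat(ts)
    if dt.tzinfo is None:
        raise ValueError(f"timestamp without UTC offset: {ts}")
    return dt

def check_order_validity(requested, order, tolerance=timedelta(seconds=1)):
    """Return a list of problems where the order object returned by
    newOrder does not reflect the requested notBefore/notAfter."""
    problems = []
    for field in ("notBefore", "notAfter"):
        if field not in requested:
            continue  # the client did not ask for this bound
        if field not in order:
            problems.append(f"{field}: requested {requested[field]}, "
                            "absent from the order object")
            continue
        want = parse_rfc3339(requested[field])
        got = parse_rfc3339(order[field])
        # Compare instants, not strings: the server may use another offset
        if abs(got - want) > tolerance:
            problems.append(f"{field}: requested {requested[field]}, "
                            f"order object has {order[field]}")
    return problems

# Constructed sample data (not captured from any real CA)
REQUESTED = {"identifiers": [{"type": "dns", "value": "example.org"}],
             "notAfter": "2030-01-02T00:00:00Z"}
ORDER_DROPPED = {"status": "pending", "identifiers": REQUESTED["identifiers"]}
ORDER_ECHOED = dict(ORDER_DROPPED, notAfter="2030-01-02T01:00:00+01:00")
ORDER_CHANGED = dict(ORDER_DROPPED, notAfter="2030-06-30T00:00:00Z")

if __name__ == "__main__":
    for name, order in (("dropped", ORDER_DROPPED), ("echoed", ORDER_ECHOED),
                        ("changed", ORDER_CHANGED)):
        print(name, check_order_validity(REQUESTED, order) or "ok")
```

The certificate's own validity period is what the user finally receives, so a client can repeat the same comparison against the downloaded certificate before handing it over.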


Buypass Official Community

This is the official community of Buypass.  A Root CA located in Norway.