pki: document certificate lifetime options (#283)

Signed-off-by: Kyle McCullough <kylemcc@gmail.com> Signed-off-by: Kyle McCullough <kylemcc@gmail.com>
2025-04-22 04:56:17 -04:00 · 2022-12-06 17:53:42 -08:00 · 2022-12-06 17:53:42 -08:00 · a2742d8d8d
commit a2742d8d8d
parent fed989d550
2 changed files with 10 additions and 5 deletions
--- a/src/docs/markdown/caddyfile/options.md
+++ b/src/docs/markdown/caddyfile/options.md
@ -115,9 +115,10 @@ Possible options are:
 	# PKI Options
 	pki {
 		ca [<id>] {
-			name            <name>
-			root_cn         <name>
-			intermediate_cn <name>
+			name                  <name>
+			root_cn               <name>
+			intermediate_cn       <name>
+			intermediate_lifetime <duration>
 			root {
 				format <format>
 				cert   <path>
@ -446,6 +447,9 @@ The name to put in the CommonName field of the root certificate. Default: `{pki.
 ##### `intermediate_cn`
 The name to put in the CommonName field of the intermediate certificates. Default: `{pki.ca.name} - ECC Intermediate`

+##### `intermediate_lifetime`
+The [duration](/docs/conventions#durations) for which intermediate certificates are valid. This value must be less than the lifetime of the root cert (`3600d`). Default: `7d`. It is recommended not to change this unless absolutely necessary.
+
 ##### `root`
 A key pair (certificate and private key) to use as the root for the CA. If not specified, one will be generated and managed automatically.