config.tcl: New profile for devices which can't accept certificate updates.

[ca] / etc / config.tcl

diff --git a/etc/config.tcl b/etc/config.tcl
index 47e61b6..1c0a16c 100644 (file)
--- a/etc/config.tcl
+++ b/etc/config.tcl
@@ -14,16 +14,23 @@ set C(ca-name) {
 
 set P(tls-client) {
   extensions tls-client-extensions
-  issue-time "*-*-* 03:00:00"
+  issue-time "*-*-* 00:00:00"
   start-skew 1
-  expire-interval 2
+  expire-interval 32
 }
 
 set P(tls-server) {
   extensions tls-server-extensions
-  issue-time "*-*-* 03:00:00"
+  issue-time "*-*-* 00:00:00"
   start-skew 1
-  expire-interval 2
+  expire-interval 32
+}
+
+set P(tls-server-longterm) {
+  extensions tls-server-extensions
+  issue-time "*-*-* 00:00:00"
+  start-skew 1
+  expire-interval 43838
 }
 
 proc update-hook {} {