bmcweb Security issue

Bruce Mitchell Bruce_Mitchell at
Thu Feb 13 04:52:52 AEDT 2020

bmcweb Security issue: according to the The CA/Browser Forum ;
Subscriber Certificates issued after 1 March 2018 MUST have a Validity Period no greater than 825 days.

In bmcweb's ssl_key_handler.hpp we have:
            // Cert is valid for 10 years
                            60L * 60L * 24L * 365L * 10L);

I believe we want this changed to the 825 days.

More information about the openbmc mailing list