Change expiration time of PhenixID OneTouch certificate
This document describes how to change the default expiration date for PhenixID OneTouch certificates. This applies to the built-in Certificate Authority that ships with the PhenixID Authentication Services platform.
When integrating with external PKI/CA, please consult the CA supplier documentation.
Configuration
- Shutdown the PhenixID service
- Open config/phenix-store.json in a text editor
- Locate CA_CONFIGURATIONS
- Locate the CA object used for PhenixID OneTouch certificates.
"name" : "PhenixID One Touch CA
- Change the config->ca_profiles->0->rules->not_after->value. Default is 365 days.
The duration syntax follows the ISO8601 intervall standard.
Examples:
This will make PhenixID OneTouch certificates expire 10 days after activation.
"not_after" : {
"value" : "duration:P10D"
}
This will make PhenixID OneTouch certificates expire 36 hours after activation.
"not_after" : { "value" : "duration:PT36H" }