Reduce default CRL lifetime to 20min

certidude/signer.py

@@ -129,7 +129,8 @@ class SignHandler(asynchat.async_chat):
 
             builder = x509.CertificateRevocationListBuilder(
                 ).last_update(now
-                ).next_update(now + timedelta(days=1)
+                ).next_update(
+                    now + timedelta(seconds=config.REVOCATION_LIST_LIFETIME)
                 ).issuer_name(self.server.certificate.issuer
                 ).add_extension(
                     x509.AuthorityKeyIdentifier.from_issuer_public_key(

certidude/templates/certidude.conf

@@ -61,7 +61,7 @@ database = sqlite://{{ directory }}/db.sqlite
 
 [signature]
 certificate lifetime = 1825
-revocation list lifetime = 1
+revocation list lifetime = 1200
 certificate url = {{ certificate_url }}
 revoked url = {{ revoked_url }}