system: 825 days is the current maximum so use it

Learned this the hard way on macOS Catalina behaviour.  Since this
is a new policy enforced since 2019 it's safe to increase the defaults
(which were 10 years before) as well.  Likely makes a few users
happy that had VPN certificates run out over the years.

src/etc/inc/plugins.inc.d/webgui.inc

@@ -100,7 +100,7 @@ function webgui_configure_do($verbose = false, $interface = '')
                 /* XXX ought to be replaced by PHP calls */
                 '/usr/local/bin/openssl req -new -extensions server_cert ' .
                 '-config /usr/local/etc/ssl/opnsense.cnf ' .
-                '-newkey rsa:4096 -sha256 -days 365 -nodes -x509 ' .
+                '-newkey rsa:4096 -sha256 -nodes -x509 ' .
                 '-subj "/C=NL/ST=Zuid-Holland/L=Middelharnis/O=OPNsense" ' .
                 '-keyout /tmp/ssl.key -out /tmp/ssl.crt'
             );

src/etc/ssl/opnsense.cnf

@@ -71,7 +71,7 @@ cert_opt	= ca_default		# Certificate field options
 # crlnumber must also be commented out to leave a V1 CRL.
 crl_extensions	= crl_ext
 
-default_days	= 365			# how long to certify for
+default_days	= 825			# how long to certify for
 default_crl_days= 30			# how long before next CRL
 default_md	= default		# use public key default MD
 preserve	= no			# keep passed DN ordering

src/wizard/openvpn.xml

@@ -384,8 +384,8 @@
                 <displayname>Lifetime</displayname>
                 <type>input</type>
                 <size>10</size>
-                <value>365</value>
-                <description>Lifetime in days. This is commonly set to 365 (Approximately 1 year.)</description>
+                <value><F9>825</value>
+                <description>Lifetime in days. This is commonly set to 825 (approximately 2 years).</description>
                 <bindstofield>wizardtemp->step6->lifetime</bindstofield>
             </field>
             <field>
@@ -511,10 +511,10 @@
             <field>
                 <name>lifetime</name>
                 <displayname>Lifetime</displayname>
-                <description>Lifetime in days. This is commonly set to 365 (Approximately 1 year.)</description>
+                <description>Lifetime in days. This is commonly set to 825 (approximately 2 years).</description>
                 <type>input</type>
                 <size>10</size>
-                <value>365</value>
+                <value>825</value>
                 <bindstofield>wizardtemp->step9->lifetime</bindstofield>
             </field>
             <field>

src/www/system_camanager.php

@@ -185,7 +185,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
         $pconfig['keytype'] = "RSA";
         $pconfig['keylen'] = "2048";
         $pconfig['digest_alg'] = "sha256";
-        $pconfig['lifetime'] = "365";
+        $pconfig['lifetime'] = "825";
         $pconfig['dn_commonname'] = "internal-ca";
     } elseif ($act == "exp") {
         if (!isset($id)) {

src/www/system_certmanager.php

@@ -280,8 +280,8 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
         $pconfig['csr_keytype'] = "RSA";
         $pconfig['csr_keylen'] = "2048";
         $pconfig['csr_digest_alg'] = "sha256";
-        $pconfig['lifetime'] = "365";
-        $pconfig['lifetime_sign_csr'] = "365";
+        $pconfig['lifetime'] = "825";
+        $pconfig['lifetime_sign_csr'] = "825";
         $pconfig['cert_type'] = "usr_cert";
         $pconfig['cert'] = null;
         $pconfig['key'] = null;