From a1debf7b1efd8ce38ee1c29e3e8b31800ba33d16 Mon Sep 17 00:00:00 2001
From: Carl Tashian
Date: Wed, 26 Feb 2020 10:17:32 -0800
Subject: [PATCH] FAQ Update: Intermediate certificates should be valid for 10 years
---
 docs/questions.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/docs/questions.md b/docs/questions.md
index f1daead4..ad1fbf7d 100644
--- a/docs/questions.md
+++ b/docs/questions.md
@@ -171,7 +171,7 @@ aws acm-pca issue-certificate \
 --csr intermediate.csr \
 --template-arn "arn:aws:acm-pca:::template/SubordinateCACertificate_PathLen1/V1" \
 --signing-algorithm "SHA256WITHRSA" \
---validity Value=365,Type="DAYS"
+--validity Value=3650,Type="DAYS"
 ```
 This command will return the ARN of the certificate created. Now use [get-certificate](https://docs.aws.amazon.com/cli/latest/reference/acm-pca/get-certificate.html) to fetch the intermediate certificate:
@@ -188,7 +188,7 @@ aws acm-pca get-certificate \
 ```bash
 openssl ca -config [ROOT_CA_CONFIG_FILE] \
 -extensions v3_intermediate_ca \
- -days 365 -notext -md sha512 \
+ -days 3650 -notext -md sha512 \
 -in intermediate.csr \
 -out intermediate.crt
 ```