
Implementing Mutual TLS (mTLS) in FastAPI with Differing Certificate Expiration Periods


How can mTLS be implemented in FastAPI with a strategy where the server certificate (client-cert.pem) expires after 10 years, and the client certificate (client.p12) imported in the web browser expires after one year?

Currently, both certificates expire on the same day since PKCS#12 does not have a flag for specifying different expiration durations.

```bash
openssl genpkey -algorithm RSA -out server-key.pem
openssl req -new -key server-key.pem -out server.csr
openssl x509 -req -days 3650 -in server.csr -signkey server-key.pem -out server-cert.pem
```

Client Certificate Generation

```bash
openssl genpkey -algorithm RSA -out client-key.pem
openssl req -new -key client-key.pem -out client.csr
openssl x509 -req -days 3650 -in client.csr -signkey client-key.pem -out client-cert.pem
```

Create PKCS#12 File for the Client

```bash
openssl pkcs12 -export -out client.p12 -inkey client-key.pem -in client-cert.pem
```

```python
import ssl

import uvicorn

# PORT and IS_DEVELOPMENT are defined elsewhere in the application.
uvicorn.run(
    "main:app",
    host="0.0.0.0",
    port=PORT,
    ssl_keyfile="ssl/server-key.pem",
    ssl_certfile="ssl/server-cert.pem",
    ssl_ca_certs="ssl/client-cert.pem",  # certificate(s) trusted to verify clients
    ssl_cert_reqs=ssl.CERT_REQUIRED,  # reject clients that present no certificate
    reload=IS_DEVELOPMENT,
)
```
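Certificate lifetime is fixed by the `-days` value when each certificate is signed, and the PKCS#12 file only packages the signed certificate with its key. The script below is an added example, not code from the question: it assumes a private CA (hypothetical subject names, constructed export password `changeit`) that signs a 10-year server certificate and a 1-year client certificate, then checks both expiry dates.

```shell
#!/usr/bin/env bash
set -eu

# issue_leaf DIR NAME DAYS SUBJECT: key + CSR, then sign with the CA for DAYS days.
issue_leaf() {
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
    -out "$1/$2-key.pem" 2>/dev/null
  openssl req -new -key "$1/$2-key.pem" -subj "$4" -out "$1/$2.csr"
  openssl x509 -req -days "$3" -in "$1/$2.csr" \
    -CA "$1/ca-cert.pem" -CAkey "$1/ca-key.pem" -CAcreateserial \
    -out "$1/$2-cert.pem" 2>/dev/null
}

# make_mtls_certs DIR: private CA, 10-year server cert, 1-year client cert + .p12.
make_mtls_certs() {
  mkdir -p "$1"
  # The CA gets a slightly longer life so it outlives the certificates it signs.
  openssl req -x509 -newkey rsa:2048 -nodes -days 3660 \
    -subj "/CN=Example mTLS CA" \
    -keyout "$1/ca-key.pem" -out "$1/ca-cert.pem" 2>/dev/null
  issue_leaf "$1" server 3650 "/CN=localhost"
  issue_leaf "$1" client 365 "/CN=example-client"
  # PKCS#12 bundles the signed certificate and key; it has no lifetime of its own.
  openssl pkcs12 -export -passout pass:changeit -out "$1/client.p12" \
    -inkey "$1/client-key.pem" -in "$1/client-cert.pem"
}

# expires_within CERT DAYS: succeeds if CERT's notAfter is within DAYS days from now.
expires_within() {
  ! openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

# p12_enddate P12: print the notAfter of the certificate stored in the bundle.
p12_enddate() {
  openssl pkcs12 -in "$1" -passin pass:changeit -nokeys -clcerts 2>/dev/null |
    openssl x509 -noout -enddate
}

OUT="$(mktemp -d)"
make_mtls_certs "$OUT"
openssl x509 -in "$OUT/server-cert.pem" -noout -enddate   # about 10 years out
p12_enddate "$OUT/client.p12"                             # about 1 year out
openssl verify -CAfile "$OUT/ca-cert.pem" "$OUT/client-cert.pem"
```

With CA-signed client certificates, `ssl_ca_certs` in the `uvicorn.run` call would point at `ca-cert.pem` rather than at the client certificate itself, so a yearly client renewal needs no change on the server.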
