From 5b8cd4944b4ffe00ce415f2651b99425d9b1cc3b Mon Sep 17 00:00:00 2001
From: Abhijeet Kasurde <akasurde@redhat.com>
Date: Wed, 1 Jul 2020 18:58:50 +0530
Subject: [PATCH] x509_certificate: Update docs for macOS 10.15 requirements
 (#78)

selfsigned_not_after and ownca_not_after values for macOS 10.15,
can be +825d. Updated the docs accordingly.

Migrated from ansible/ansible#64563

Thanks to Sironheart

Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
---
 plugins/modules/x509_certificate.py | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/plugins/modules/x509_certificate.py b/plugins/modules/x509_certificate.py
index 37e96de2..f974d29a 100644
--- a/plugins/modules/x509_certificate.py
+++ b/plugins/modules/x509_certificate.py
@@ -155,6 +155,8 @@ options:
             - Note that if using relative time this module is NOT idempotent.
             - If this value is not specified, the certificate will stop being valid 10 years from now.
             - This is only used by the C(selfsigned) provider.
+            - On macOS 10.15 and onwards, TLS server certificates must have a validity period of 825 days or fewer.
+              Please see U(https://support.apple.com/en-us/HT210176) for more details.
         type: str
         default: +3650d
         aliases: [ selfsigned_notAfter ]
@@ -245,6 +247,8 @@ options:
             - Note that if using relative time this module is NOT idempotent.
             - If this value is not specified, the certificate will stop being valid 10 years from now.
             - This is only used by the C(ownca) provider.
+            - On macOS 10.15 and onwards, TLS server certificates must have a validity period of 825 days or fewer.
+              Please see U(https://support.apple.com/en-us/HT210176) for more details.
         type: str
         default: +3650d