Skip to content

Commit

Permalink
Re-add default NotBefore duration in PKI (#5482)
Browse files Browse the repository at this point in the history
Fixes #5481
  • Loading branch information
jefferai authored Oct 10, 2018
1 parent 2b713c7 commit 1200c98
Showing 1 changed file with 2 additions and 0 deletions.
2 changes: 2 additions & 0 deletions builtin/logical/pki/cert_util.go
Original file line number Diff line number Diff line change
Expand Up @@ -1178,6 +1178,7 @@ func createCertificate(data *dataBundle) (*certutil.ParsedCertBundle, error) {

certTemplate := &x509.Certificate{
SerialNumber: serialNumber,
NotBefore: time.Now().Add(-30 * time.Second),
NotAfter: data.params.NotAfter,
IsCA: false,
SubjectKeyId: subjKeyID,
Expand Down Expand Up @@ -1380,6 +1381,7 @@ func signCertificate(data *dataBundle) (*certutil.ParsedCertBundle, error) {
certTemplate := &x509.Certificate{
SerialNumber: serialNumber,
Subject: data.params.Subject,
NotBefore: time.Now().Add(-30 * time.Second),
NotAfter: data.params.NotAfter,
SubjectKeyId: subjKeyID[:],
AuthorityKeyId: caCert.SubjectKeyId,
Expand Down

0 comments on commit 1200c98

Please sign in to comment.