From 22da1a4fc115c87ee9044b22a120bd4d3893c864 Mon Sep 17 00:00:00 2001 From: Marten Seemann Date: Mon, 22 Nov 2021 11:15:13 +0400 Subject: [PATCH] set an actual NotBefore time on the certificate --- crypto.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto.go b/crypto.go index c893cba..f3502aa 100644 --- a/crypto.go +++ b/crypto.go @@ -194,7 +194,7 @@ func keyToCertificate(sk ic.PrivKey) (*tls.Certificate, error) { } tmpl := &x509.Certificate{ SerialNumber: sn, - NotBefore: time.Time{}, + NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(certValidityPeriod), // According to RFC 3280, the issuer field must be set, // see https://datatracker.ietf.org/doc/html/rfc3280#section-4.1.2.4.