Using a TestSigner was causing problems because go1.16 has this change:
> CreateCertificate now verifies the generated certificate's signature
> using the signer's public key. If the signature is invalid, an error is
> returned, instead of a malformed certificate.
See https://golang.org/doc/go1.16#crypto/x509
An old PR (#7623) was merged after #9585. The old code was incompatible with the new
changes, but none of the lines caused a git conflict so the merge was allowed.
The incompatible changes caused the tests to fail. This fixes the old code to
work with the new changes.
* Switch to WithinDuration to improve test
This test was flaky before because of the time logic. Now it uses
WithinDuration and should be correct.
Fixes https://github.com/hashicorp/consul/issues/6857.