Re-add default NotBefore duration in PKI (#5482)

Fixes #5481
2018-10-10 09:42:37 -04:00 · 2018-10-10 09:42:37 -04:00 · 4217ced72d
parent dfb0974369
commit 4217ced72d
1 changed files with 2 additions and 0 deletions
--- a/builtin/logical/pki/cert_util.go
+++ b/builtin/logical/pki/cert_util.go
@ -1178,6 +1178,7 @@ func createCertificate(data *dataBundle) (*certutil.ParsedCertBundle, error) {

 	certTemplate := &x509.Certificate{
 		SerialNumber:   serialNumber,
+		NotBefore:      time.Now().Add(-30 * time.Second),
 		NotAfter:       data.params.NotAfter,
 		IsCA:           false,
 		SubjectKeyId:   subjKeyID,
@ -1380,6 +1381,7 @@ func signCertificate(data *dataBundle) (*certutil.ParsedCertBundle, error) {
 	certTemplate := &x509.Certificate{
 		SerialNumber:   serialNumber,
 		Subject:        data.params.Subject,
+		NotBefore:      time.Now().Add(-30 * time.Second),
 		NotAfter:       data.params.NotAfter,
 		SubjectKeyId:   subjKeyID[:],
 		AuthorityKeyId: caCert.SubjectKeyId,