Issue with Create Cert with notBefore time in the past.

12 views

Skip to first unread message

Ipsit Kumar

unread,

Jun 7, 2023, 11:09:19 PM6/7/23

to cert-manager-dev

Hi Team,

I have a doubt about CertificateSpec API. It currently accepts duration only. Based on duration notBefore is set to current time and notAfter is set to currentTime + duration.

We have a use case of generating short lived cert Example 1 day. Also, some clients might have incorrect time set based on timezone +-12 hours. Is there a way we can tweak notBefore to accept time in past to avoid cert failures ?

We have to address the time drift in cert generation and use timezone.

For instance, with openssl l typically with shell we use libfaketime to achieve it.

Ref: https://unix.stackexchange.com/questions/359225/create-self-signed-certificate-with-end-date-in-the-past

Any leads can help me move ahead.

Best Regards,

Ipsit.

Reply all

Reply to author

Forward

0 new messages