Define valid after as 1m before now.

It avoids errors with immediate use of cert.
2019-09-19 12:37:41 -07:00 · 2019-09-19 12:37:41 -07:00 · adc1d54b0d
commit adc1d54b0d
parent 81093c3080
1 changed files with 1 additions and 1 deletions
--- a/authority/provisioner/sign_ssh_options.go
+++ b/authority/provisioner/sign_ssh_options.go
@ -216,7 +216,7 @@ func (m *sshCertificateValidityModifier) Modify(cert *ssh.Certificate) error {
 	}

 	if cert.ValidAfter == 0 {
-		cert.ValidAfter = uint64(now().Unix())
+		cert.ValidAfter = uint64(now().Add(-1 * time.Minute).Unix())
 	}
 	if cert.ValidBefore == 0 {
 		t := time.Unix(int64(cert.ValidAfter), 0)