From adc1d54b0dae19765eff7fdc900eba40fc108485 Mon Sep 17 00:00:00 2001
From: Mariano Cano <mariano@smallstep.com>
Date: Thu, 19 Sep 2019 12:37:41 -0700
Subject: [PATCH] Define valid after as 1m before now.

It avoids errors with immediate use of cert.
---
 authority/provisioner/sign_ssh_options.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/authority/provisioner/sign_ssh_options.go b/authority/provisioner/sign_ssh_options.go
index 2fc4a2b9..8ba35979 100644
--- a/authority/provisioner/sign_ssh_options.go
+++ b/authority/provisioner/sign_ssh_options.go
@@ -216,7 +216,7 @@ func (m *sshCertificateValidityModifier) Modify(cert *ssh.Certificate) error {
 	}
 
 	if cert.ValidAfter == 0 {
-		cert.ValidAfter = uint64(now().Unix())
+		cert.ValidAfter = uint64(now().Add(-1 * time.Minute).Unix())
 	}
 	if cert.ValidBefore == 0 {
 		t := time.Unix(int64(cert.ValidAfter), 0)