diff --git a/authority/provisioner/sign_options_test.go b/authority/provisioner/sign_options_test.go
index 6c22625f..d462780e 100644
--- a/authority/provisioner/sign_options_test.go
+++ b/authority/provisioner/sign_options_test.go
@@ -276,7 +276,9 @@ func Test_validityValidator_Valid(t *testing.T) {
 }

 func Test_profileLimitDuration_Option(t *testing.T) {
- n := now()
+ n, fn := mockNow()
+ defer fn()
+
 type test struct {
 pld profileLimitDuration
 so Options
@@ -310,7 +312,7 @@ func Test_profileLimitDuration_Option(t *testing.T) {
 assert.FatalError(t, err)
 return test{
 pld: profileLimitDuration{def: 4 * time.Hour, notAfter: n.Add(6 * time.Hour)},
- so: Options{NotBefore: NewTimeDuration(n.Add(3 * time.Hour)), NotAfter: d},
+ so: Options{NotBefore: NewTimeDuration(n.Add(3 * time.Hour)), NotAfter: d, Backdate: 1 * time.Minute},
 cert: new(x509.Certificate),
 valid: func(cert *x509.Certificate) {
 assert.Equals(t, cert.NotBefore, n.Add(3*time.Hour))
@@ -321,7 +323,7 @@ func Test_profileLimitDuration_Option(t *testing.T) {
 "ok/valid-notAfter-nil-limit-over-default": func() test {
 return test{
 pld: profileLimitDuration{def: 1 * time.Hour, notAfter: n.Add(6 * time.Hour)},
- so: Options{NotBefore: NewTimeDuration(n.Add(3 * time.Hour))},
+ so: Options{NotBefore: NewTimeDuration(n.Add(3 * time.Hour)), Backdate: 1 * time.Minute},
 cert: new(x509.Certificate),
 valid: func(cert *x509.Certificate) {
 assert.Equals(t, cert.NotBefore, n.Add(3*time.Hour))
@@ -332,7 +334,7 @@ func Test_profileLimitDuration_Option(t *testing.T) {
 "ok/valid-notAfter-nil-limit-under-default": func() test {
 return test{
 pld: profileLimitDuration{def: 4 * time.Hour, notAfter: n.Add(6 * time.Hour)},
- so: Options{NotBefore: NewTimeDuration(n.Add(3 * time.Hour))},
+ so: Options{NotBefore: NewTimeDuration(n.Add(3 * time.Hour)), Backdate: 1 * time.Minute},
 cert: new(x509.Certificate),
 valid: func(cert *x509.Certificate) {
 assert.Equals(t, cert.NotBefore, n.Add(3*time.Hour))
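Review bot: The restore callback from `mockNow()` in the first hunk is bound to the generic name `fn` and released with `defer`, which runs when the parent test function returns. Writing `n, restore := mockNow()` followed by `t.Cleanup(restore)` names the callback for what it does and keeps the mocked clock in place until every subtest has finished, including any that are later marked parallel. `mockNow` is defined outside this hunk, so the fact that it swaps a package-level clock is inferred from how it is used here.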
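Review bot: The case at new line 312 now passes `Backdate: 1 * time.Minute` while still asserting that `cert.NotBefore` equals `n.Add(3*time.Hour)`, so it implicitly checks that Backdate is ignored when NotBefore is requested explicitly, but nothing in the case says so. A short comment above the `so:` line, such as `// Backdate must not shift an explicitly requested NotBefore.`, would record that intent. The same applies to the hunks at new lines 323 and 334. The case bodies begin or end outside these hunks, so any later assertions on NotAfter are not visible here.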
@@ -340,6 +342,28 @@ func Test_profileLimitDuration_Option(t *testing.T) {
 },
 }
 },
+ "ok/over-limit-with-backdate": func() test {
+ return test{
+ pld: profileLimitDuration{def: 24 * time.Hour, notAfter: n.Add(6 * time.Hour)},
+ so: Options{Backdate: 1 * time.Minute},
+ cert: new(x509.Certificate),
+ valid: func(cert *x509.Certificate) {
+ assert.Equals(t, cert.NotBefore, n.Add(-time.Minute))
+ assert.Equals(t, cert.NotAfter, n.Add(6*time.Hour))
+ },
+ }
+ },
+ "ok/under-limit-with-backdate": func() test {
+ return test{
+ pld: profileLimitDuration{def: 24 * time.Hour, notAfter: n.Add(30 * time.Hour)},
+ so: Options{Backdate: 1 * time.Minute},
+ cert: new(x509.Certificate),
+ valid: func(cert *x509.Certificate) {
+ assert.Equals(t, cert.NotBefore, n.Add(-time.Minute))
+ assert.Equals(t, cert.NotAfter, n.Add(24*time.Hour))
+ },
+ }
+ },
 }
 for name, run := range tests {
 t.Run(name, func(t *testing.T) {
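Review bot: In `ok/under-limit-with-backdate` the expected `NotBefore` is `n.Add(-time.Minute)` and the expected `NotAfter` is `n.Add(24*time.Hour)`, so the issued lifetime is the default plus the backdate, and the case does not say whether that is the intended contract. A comment above the assertions, for example `// NotAfter is measured from now, not from the backdated NotBefore.`, would make it explicit. Both new cases also use the same positive one-minute Backdate with NotBefore unset. A case with `Backdate: 0` on this path is not visible in the hunk and may be worth adding if the rest of the table, which lies outside the hunk, does not cover it.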