create client certificates with generous not_before (fixes #5884)

author: elijah <elijah@riseup.net> 2014-07-08 21:34:04 -0700
committer: elijah <elijah@riseup.net> 2014-07-08 21:34:04 -0700
commit: 19da5429308412c19176733d2b32ccbf2c08df1c (patch)
tree: 97418dbc05313f9c54b86fe3b917a2318a52a685
parent: 02000f08ab8f44533447278d8fcb141ac6598e30 (diff)
1 files changed, 6 insertions, 1 deletions
diff --git a/app/models/client_certificate.rb b/app/models/client_certificate.rb
index 63de9e1..d5bb1e0 100644
--- a/app/models/client_certificate.rb
+++ b/app/models/client_certificate.rb
@@ -24,7 +24,7 @@ class ClientCertificate
     cert.subject.common_name = common_name(options[:prefix])
 
     # set expiration
-    cert.not_before = yesterday
+    cert.not_before = last_month
     cert.not_after = months_from_yesterday(APP_CONFIG[:client_cert_lifespan])
 
     # generate key
@@ -111,6 +111,11 @@ class ClientCertificate
     Time.utc t.year, t.month, t.day
   end
 
+  def last_month
+    t = Time.now - 24*60*60*30
+    Time.utc t.year, t.month, t.day
+  end
+
   def months_from_yesterday(num)
     t = yesterday
     date = Date.new t.year, t.month, t.day
author	elijah <elijah@riseup.net>	2014-07-08 21:34:04 -0700
committer	elijah <elijah@riseup.net>	2014-07-08 21:34:04 -0700
commit	19da5429308412c19176733d2b32ccbf2c08df1c (patch)
tree	97418dbc05313f9c54b86fe3b917a2318a52a685
parent	02000f08ab8f44533447278d8fcb141ac6598e30 (diff)