Skip to content
Permalink
Browse files

Backdate notBefore to support macOS Catalina

Updates #174
  • Loading branch information...
FiloSottile committed Jul 6, 2019
1 parent 1f0796c commit df15e0c1efd3b2f372170e6866cac54df720e724
Showing with 7 additions and 1 deletion.
  1. +7 −1 cert.go
@@ -64,7 +64,13 @@ func (m *mkcert) makeCert(hosts []string) {
},

NotAfter: time.Now().AddDate(10, 0, 0),
NotBefore: time.Now(),

// Fix the notBefore to temporarily bypass macOS Catalina's limit on
// certificate lifespan. Once mkcert provides an ACME server, automation
// will be the recommended way to guarantee uninterrupted functionality,
// and the lifespan will be shortened to 825 days. See issue 174 and
// https://support.apple.com/en-us/HT210176.
NotBefore: time.Date(2019, time.June, 1, 0, 0, 0, 0, time.UTC),

KeyUsage: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature,
BasicConstraintsValid: true,

1 comment on commit df15e0c

@aleksandrs-ledovskis

This comment has been minimized.

Copy link

commented on df15e0c Jul 6, 2019

@FiloSottile In theory, if somebody is using mkcert in scenarios where OS clock time is different from real time (say, manually set to 2019-05-01), this would cause generation of "not-yet-valid" certs.

Could NotBefore be set to be 2019-07-01 only if time.Now() is past the date?

Please sign in to comment.
You can’t perform that action at this time.