Skip to content

Commit

Permalink
Backdate notBefore to support macOS Catalina
Browse files Browse the repository at this point in the history 
Updates #174
  • Loading branch information
@FiloSottile
FiloSottile committed Jul 6, 2019
1 parent 1f0796c commit df15e0c
Showing 1 changed file with 7 additions and 1 deletion.
8 changes: 7 additions & 1 deletion cert.go
View file
Expand Up @@ -64,7 +64,13 @@ func (m *mkcert) makeCert(hosts []string) {
},

NotAfter: time.Now().AddDate(10, 0, 0),
NotBefore: time.Now(),

// Fix the notBefore to temporarily bypass macOS Catalina's limit on
// certificate lifespan. Once mkcert provides an ACME server, automation
// will be the recommended way to guarantee uninterrupted functionality,
// and the lifespan will be shortened to 825 days. See issue 174 and
// https://support.apple.com/en-us/HT210176.
NotBefore: time.Date(2019, time.June, 1, 0, 0, 0, 0, time.UTC),

KeyUsage: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature,
BasicConstraintsValid: true,
Expand Down

1 comment on commit df15e0c

@aleksandrs-ledovskis
Copy link

@aleksandrs-ledovskis aleksandrs-ledovskis commented on df15e0c Jul 6, 2019
edited

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@FiloSottile In theory, if somebody is using mkcert in scenarios where OS clock time is different from real time (say, manually set to 2019-05-01), this would cause generation of "not-yet-valid" certs.

Could NotBefore be set to be 2019-07-01 only if time.Now() is past the date?

Please sign in to comment.