Fixes to make sure the certificates are really good for three years.
So, the length of time is set in the .cnf file when signing a cert with the CA. However, the length of time the CA is good for is not set in the .cnf file (the entry is ignored). Rather, it has to be on the command line. So, the certs really were good for 3 years; it was the CA that had expired, and once that happens the certs are no longer any good. Very bogus.
Showing with 3 additions and 2 deletions