Closed alisharif2 closed 3 years ago
Right now the certificates signed by gnoi_cert can cause issues on devices whose clocks are difficult to configure. For example a device whose clock can only be configured manually. https://github.com/google/gnxi/blob/88db804e4a557bcd83aeec38ed0d6012c0ac11ec/utils/entity/entity.go#L106
The NotBefore field should be slightly adjusted to create a more comfortable window:
NotBefore
NotBefore: time.Now().Add(-1 * time.Second),
This suggestion also applies to the generation of certificates for tls: https://github.com/google/gnxi/blob/88db804e4a557bcd83aeec38ed0d6012c0ac11ec/utils/entity/entity.go#L245
Thank you @alisharif2 I have used 1h instead.
Right now the certificates signed by gnoi_cert can cause issues on devices whose clocks are difficult to configure. For example a device whose clock can only be configured manually. https://github.com/google/gnxi/blob/88db804e4a557bcd83aeec38ed0d6012c0ac11ec/utils/entity/entity.go#L106
The
NotBefore
field should be slightly adjusted to create a more comfortable window:This suggestion also applies to the generation of certificates for tls: https://github.com/google/gnxi/blob/88db804e4a557bcd83aeec38ed0d6012c0ac11ec/utils/entity/entity.go#L245