search

google / gnxi

gNXI Tools - gRPC Network Management/Operations Interface Tools
Apache License 2.0
258 stars 116 forks source link

provide a better lifetime window for generated certificates in gnoi_cert #241

Closed alisharif2 closed 3 years ago

alisharif2 commented 3 years ago

Right now the certificates signed by gnoi_cert can cause issues on devices whose clocks are difficult to configure. For example a device whose clock can only be configured manually. https://github.com/google/gnxi/blob/88db804e4a557bcd83aeec38ed0d6012c0ac11ec/utils/entity/entity.go#L106

The NotBefore field should be slightly adjusted to create a more comfortable window:

NotBefore:             time.Now().Add(-1 * time.Second),

This suggestion also applies to the generation of certificates for tls: https://github.com/google/gnxi/blob/88db804e4a557bcd83aeec38ed0d6012c0ac11ec/utils/entity/entity.go#L245

samribeiro commented 3 years ago

Thank you @alisharif2 I have used 1h instead.