letsencrypt / website

Let's Encrypt Website and Documentation
https://letsencrypt.org
Mozilla Public License 2.0

Fix ISRG Root X1 and X2 expiration dates #1679

Closed mnordhoff closed 2 months ago

mnordhoff commented 4 months ago

Unless I'm missing something, ISRG Root X1 was exactly 5 years off, and ISRG Root X2 was 5 years and 13 days off.

See e.g. https://crt.sh/?id=9314791 and https://crt.sh/?id=3335562555, or other certificate examination tools.

        Issuer: (CA ID: 7394)
            commonName                = ISRG Root X1
            organizationName          = Internet Security Research Group
            countryName               = US
        Validity
            Not Before: Jun  4 11:04:38 2015 GMT
            Not After : Jun  4 11:04:38 2035 GMT
        Subject: (CA ID: 7394)
            commonName                = ISRG Root X1
            organizationName          = Internet Security Research Group
            countryName               = US
        Issuer: (CA ID: 183269)
            commonName                = ISRG Root X2
            organizationName          = Internet Security Research Group
            countryName               = US
        Validity
            Not Before: Sep  4 00:00:00 2020 GMT
            Not After : Sep 17 16:00:00 2040 GMT
        Subject: (CA ID: 183269)
            commonName                = ISRG Root X2
            organizationName          = Internet Security Research Group
            countryName               = US

(I absolutely did not test if this builds.)

jcjones commented 4 months ago

The Chrome Root Program Policy v1.5 has limited roots in their program to a maximum lifetime of 15 years from generation, which is the source of these shorter validity periods.

mnordhoff commented 4 months ago

OhhhhhhhhHHHHHHHhh. So I was missing something! :-) Sorry.

It says "As such, the end-of-validity dates given below are approximate, based on current Root Program policies." but I didn't make the connection.