Make shorter certificate duration for catalina requirements, closes F…

…iloSottile#174
rfay · Aug 14, 2019 · 7642e8c · 7642e8c
1 parent 2d05f3b
commit 7642e8c
Showing 1 changed file with 6 additions and 4 deletions.
diff --git a/cert.go b/cert.go
@@ -63,14 +63,16 @@ func (m *mkcert) makeCert(hosts []string) {
 			OrganizationalUnit: []string{userAndHostname},
 		},
 
-		NotAfter:  time.Now().AddDate(10, 0, 0),
 
-		// Fix the notBefore to temporarily bypass macOS Catalina's limit on
-		// certificate lifespan. Once mkcert provides an ACME server, automation
+		// macOS Catalina requires a lifespan for cert of less than 825 days.
+		// Set NotBefore to yesterday
+		// Set NotAfter to 823 days from today
+		// Once mkcert provides an ACME server, automation
 		// will be the recommended way to guarantee uninterrupted functionality,
 		// and the lifespan will be shortened to 825 days. See issue 174 and
 		// https://support.apple.com/en-us/HT210176.
-		NotBefore: time.Date(2019, time.June, 1, 0, 0, 0, 0, time.UTC),
+		NotAfter:  time.Now().AddDate(0, 0, 823),
+		NotBefore: time.Now().AddDate(0,0,-1),
 
 		KeyUsage:              x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature,
 		BasicConstraintsValid: true,