We must reissue certificates early, because hosts stagger their update
of the certificate store throughout the night.
set P(tls-client) {
extensions tls-client-extensions
set P(tls-client) {
extensions tls-client-extensions
- issue-time "*-*-* 03:00:00"
+ issue-time "*-*-* 00:00:00"
start-skew 1
expire-interval 32
}
set P(tls-server) {
extensions tls-server-extensions
start-skew 1
expire-interval 32
}
set P(tls-server) {
extensions tls-server-extensions
- issue-time "*-*-* 03:00:00"
+ issue-time "*-*-* 00:00:00"
start-skew 1
expire-interval 32
}
start-skew 1
expire-interval 32
}