summary |
shortlog |
log |
commit | commitdiff |
tree
raw |
patch |
inline | side by side (from parent 1:
a0eb4b7)
I misremembered that the durations are measured in hours, not days.
But actually 28 hours isn't enough, because hosts refresh their cache
of the certificate store at different times of night: we must have the
new certificates ready for the early risers, and the old ones must
still be valid until time that the late risers are done.
extensions tls-client-extensions
issue-time "*-*-* 03:00:00"
start-skew 1
extensions tls-client-extensions
issue-time "*-*-* 03:00:00"
start-skew 1
}
set P(tls-server) {
extensions tls-server-extensions
issue-time "*-*-* 03:00:00"
start-skew 1
}
set P(tls-server) {
extensions tls-server-extensions
issue-time "*-*-* 03:00:00"
start-skew 1