From 3ac3cec079ae39b506f3e39403c98227742bb7f6 Mon Sep 17 00:00:00 2001
From: wuchangming <wuchangmingnice@163.com>
Date: Thu, 26 May 2016 14:27:51 +0800
Subject: [PATCH] modify `notBefore`
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

证书时间戳notBefore
的时间最好设置早点。当用户使用其它设备安装ca证书连接代理时，可能由于该设备的时间设置比生成证书的设备慢，会导致系统判定证书还未生效。
---
 lib/certGenerator.js | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/lib/certGenerator.js b/lib/certGenerator.js
index 6f6b835..189cb65 100644
--- a/lib/certGenerator.js
+++ b/lib/certGenerator.js
@@ -13,8 +13,9 @@ function getKeysAndCert(){
   cert.publicKey = keys.publicKey;
   cert.serialNumber = '01';
   cert.validity.notBefore = new Date();
+  cert.validity.notBefore.setFullYear(cert.validity.notBefore.getFullYear() - 10); // 10 years
   cert.validity.notAfter = new Date();
-  cert.validity.notAfter.setFullYear(cert.validity.notBefore.getFullYear() + 10); // 10 years
+  cert.validity.notAfter.setFullYear(cert.validity.notAfter.getFullYear() + 10); // 10 years
   return {
     keys: keys,
     cert: cert
@@ -82,4 +83,4 @@ function generateCertsForHostname(domain, rootCAConfig){
 }
 
 module.exports.generateRootCA = generateRootCA;
-module.exports.generateCertsForHostname = generateCertsForHostname;
\ No newline at end of file
+module.exports.generateCertsForHostname = generateCertsForHostname;