From f710d9efc7051faa7808e74216ae70f8138bfc33 Mon Sep 17 00:00:00 2001
From: Gibheer <gibheer+git@zero-knowledge.org>
Date: Wed, 10 Jun 2026 21:41:59 +0200
Subject: add a new flag to set a duration

---
 create_cert.go | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/create_cert.go b/create_cert.go
index 56ec4ca..602d01d 100644
--- a/create_cert.go
+++ b/create_cert.go
@@ -47,6 +47,7 @@ func CreateCert(args []string) error {
 		flagKeyExtUsage   stringList
 		flagNotBefore     string
 		flagNotAfter      string
+		flagDuration      time.Duration
 		flagSerial        int64
 		flagLength        int
 		flagIsCA          bool
@@ -78,6 +79,12 @@ func CreateCert(args []string) error {
 		time.Now().Format(time.RFC3339),
 		"time after the certificate is not valid in RFC3339 format (default now)",
 	)
+	fs.DurationVar(
+		&flagDuration,
+		"duration",
+		9*time.Second,
+		"set a duration for which the certificate should be valid. If set, NotAfter will be ignored.",
+	)
 	fs.Parse(args)
 
 	if flagPrivate == "" {
@@ -114,6 +121,9 @@ func CreateCert(args []string) error {
 	if notBefore.After(notAfter) {
 		return fmt.Errorf("before and after range is wrong")
 	}
+	if flagDuration > 0*time.Second {
+		notAfter = notBefore.Add(flagDuration)
+	}
 	cert_opts := pki.CertificateOptions{
 		SerialNumber: big.NewInt(flagSerial),
 		NotBefore:    notBefore,
-- 
cgit v1.3.1