1 files changed, 9 insertions, 6 deletions

diff --git a/tests/auth/cert b/tests/auth/cert
index 87ec9b5..9355af8 100755
--- a/tests/auth/cert
+++ b/tests/auth/cert
@@ -4,25 +4,28 @@
 #
 # openssl genrsa 4096 > key.pem
 
-openssl req -x509 -new -key key.pem -days 36500 -config default-openssl.cnf > \
+# Note that for glibc versions prior to 2.34 there is an issue on i686 with
+# using certificates with expiration date beyond 2038.
+#
+openssl req -x509 -new -key key.pem -days 5475 -config default-openssl.cnf > \
 	default-cert.pem
 
 cat default-cert.pem | openssl x509 -sha256 -noout -fingerprint | \
   sed -n 's/^SHA256 Fingerprint=\(.*\)$/\1/p' >default-cert-fp
 
-openssl req -x509 -new -key key.pem -days 36500 -config mismatch-openssl.cnf > \
+openssl req -x509 -new -key key.pem -days 5475 -config mismatch-openssl.cnf > \
         mismatch-cert.pem
 
-openssl req -x509 -new -key key.pem -days 36500 -config noemail-openssl.cnf > \
+openssl req -x509 -new -key key.pem -days 5475 -config noemail-openssl.cnf > \
         noemail-cert.pem
 
-openssl req -x509 -new -key key.pem -days 36500 \
+openssl req -x509 -new -key key.pem -days 5475 \
 	-config subdomain-openssl.cnf > subdomain-cert.pem
 
-openssl req -x509 -new -key key.pem -days 36500 -config self-openssl.cnf > \
+openssl req -x509 -new -key key.pem -days 5475 -config self-openssl.cnf > \
         self-cert.pem
 
-openssl req -x509 -new -key key.pem -days 36500 -config self-any-openssl.cnf > \
+openssl req -x509 -new -key key.pem -days 5475 -config self-any-openssl.cnf > \
         self-any-cert.pem
 
 # Normally, you have no reason to regenerate expired-cert.pem, as need to keep