From d794b1537cb3db2d17416ef01c21cffe9607688e Mon Sep 17 00:00:00 2001 From: Andy Fox Date: Sun, 9 Nov 2025 17:03:05 -0800 Subject: [PATCH 1/2] Add unit tests for SQL Server cert Date parameters --- .../Create-SqlServerCertificate.Tests.ps1 | 41 +++++++++++++++++++ 1 file changed, 41 insertions(+) diff --git a/powershell/test/Public/Create-SqlServerCertificate.Tests.ps1 b/powershell/test/Public/Create-SqlServerCertificate.Tests.ps1 index b85ab28..a1b1186 100644 --- a/powershell/test/Public/Create-SqlServerCertificate.Tests.ps1 +++ b/powershell/test/Public/Create-SqlServerCertificate.Tests.ps1 @@ -59,5 +59,46 @@ $certificate.Issuer | Should -Be $signerCert.Subject } } + + Context 'When creating a self-signed certificate with DEFAULT validity period' { + It 'creates a certificate with the correct start and end dates' { + # Arrange + $commonName = 'test.sql.server' + $dnsName = 'test.sql.server' + + # Act + $certificate = Create-SqlServerCertificate -CommonName $commonName -DnsName $dnsName -SignerCertificate $signerCert + + # Assert + $certificate | Should -Not -BeNullOrEmpty + + # Check default validity period + $now = [System.DateTimeOffset]::Now + + $certificate.NotBefore | Should -BeGreaterThan ($now.DateTime.AddSeconds(-5)) + $certificate.NotBefore | Should -BeLessThan ($now.DateTime.AddSeconds(5)) + + $certificate.NotAfter | Should -BeGreaterThan ($now.AddDays(3285).DateTime.AddSeconds(-5)) + $certificate.NotAfter | Should -BeLessThan ($now.AddDays(3285).DateTime.AddSeconds(5)) + } + } + + Context 'When creating a self-signed certificate with CUSTOM validity period' { + It 'creates a certificate with the correct start and end dates' { + # Arrange + $commonName = 'test.sql.server' + $dnsName = 'test.sql.server' + $notBefore = [System.DateTimeOffset]::UtcNow.AddDays(-1) + $notAfter = [System.DateTimeOffset]::UtcNow.AddDays(365) + + # Act + $certificate = Create-SqlServerCertificate -CommonName $commonName -DnsName $dnsName -SignerCertificate $signerCert -NotBefore $notBefore -NotAfter $notAfter + + # Assert + $certificate | Should -Not -BeNullOrEmpty + $certificate.NotBefore | Should -BeGreaterThan ($notBefore.DateTime.AddSeconds(-1)) + $certificate.NotAfter | Should -BeLessThan ($notAfter.DateTime.AddSeconds(1)) + } + } } } From 65ba1edb1a5589951e8d3777809cf14eb2ac5d11 Mon Sep 17 00:00:00 2001 From: Andy Fox Date: Sun, 9 Nov 2025 19:27:03 -0800 Subject: [PATCH 2/2] Use system date on certs to fix login auth issues --- powershell/src/Public/Create-SqlServerCertificate.ps1 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/powershell/src/Public/Create-SqlServerCertificate.ps1 b/powershell/src/Public/Create-SqlServerCertificate.ps1 index 19f2ce0..f01a973 100644 --- a/powershell/src/Public/Create-SqlServerCertificate.ps1 +++ b/powershell/src/Public/Create-SqlServerCertificate.ps1 @@ -41,11 +41,11 @@ function Create-SqlServerCertificate{ [Parameter()] [System.DateTimeOffset] - $NotBefore = [System.DateTimeOffset]::UtcNow, + $NotBefore = [System.DateTimeOffset]::Now, [Parameter()] [System.DateTimeOffset] - $NotAfter = [System.DateTimeOffset]::UtcNow.AddDays(3285) + $NotAfter = [System.DateTimeOffset]::Now.AddDays(3285) ) Write-Information -MessageData "Creating a certificate for SqlServer with '$($SignerCertificate.Thumbprint)' signer." -InformationAction Continue