Account for systems not running in UTC
If a system is not running in UTC, (for example, if it runs in UTC+1)
the date that is used as start validity date for the certificate is
UTC+1, but it is interpreted as the client as being a date in UTC.
This results in a certificate that cannot be used for 1h (in this case)
until the UTC time corresponds to the date set in the certificate.
Of course the further east of the UTC lien you go, the bigger this
problem becomes.
This commit also changes the expiration date so the certs always
end in 2 years UTC, not 2 years +/- some hours.
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>