diff --git a/lib/ansible/modules/crypto/openssl_certificate.py b/lib/ansible/modules/crypto/openssl_certificate.py index c65eef8f03..b1e84f580a 100644 --- a/lib/ansible/modules/crypto/openssl_certificate.py +++ b/lib/ansible/modules/crypto/openssl_certificate.py @@ -1278,7 +1278,7 @@ class AssertOnlyCertificateCryptography(Certificate): def _validate_invalid_at(): if self.invalid_at[0]: - if (self.get_relative_time_option(self.invalid_at[0], 'invalid_at') > self.cert.not_valid_before) \ + if (self.get_relative_time_option(self.invalid_at[0], 'invalid_at') <= self.cert.not_valid_before) \ or (self.get_relative_time_option(self.invalid_at, 'invalid_at') >= self.cert.not_valid_after): self.message.append( 'Certificate is not invalid for the specified date (%s) - notBefore: %s - notAfter: %s' % (self.invalid_at,