From 22e1ddcc4852ed93b2c34ef13fbb287f794200ae Mon Sep 17 00:00:00 2001
From: liz <liz@heptio.com>
Date: Wed, 29 Aug 2018 17:57:02 -0400
Subject: [PATCH] Actually renew certificates (using on-disk CAs)

Kubernetes-commit: 76be5ca581818227062f7d0638cb772bb862bdb9
---
 util/cert/cert.go | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/util/cert/cert.go b/util/cert/cert.go
index 0d6794bb..fe2158b2 100644
--- a/util/cert/cert.go
+++ b/util/cert/cert.go
@@ -20,6 +20,7 @@ import (
 	"bytes"
 	"crypto/ecdsa"
 	"crypto/elliptic"
+	"crypto/rand"
 	cryptorand "crypto/rand"
 	"crypto/rsa"
 	"crypto/x509"
@@ -87,7 +88,7 @@ func NewSelfSignedCACert(cfg Config, key *rsa.PrivateKey) (*x509.Certificate, er
 
 // NewSignedCert creates a signed certificate using the given CA certificate and key
 func NewSignedCert(cfg Config, key *rsa.PrivateKey, caCert *x509.Certificate, caKey *rsa.PrivateKey) (*x509.Certificate, error) {
-	serial, err := cryptorand.Int(cryptorand.Reader, new(big.Int).SetInt64(math.MaxInt64))
+	serial, err := rand.Int(rand.Reader, new(big.Int).SetInt64(math.MaxInt64))
 	if err != nil {
 		return nil, err
 	}