diff --git a/staging/src/k8s.io/apiserver/pkg/server/options/serving_with_loopback.go b/staging/src/k8s.io/apiserver/pkg/server/options/serving_with_loopback.go
index 980ddc61a48..4e522cb4bfb 100644
--- a/staging/src/k8s.io/apiserver/pkg/server/options/serving_with_loopback.go
+++ b/staging/src/k8s.io/apiserver/pkg/server/options/serving_with_loopback.go
@@ -18,7 +18,6 @@ package options
 
 import (
 	"fmt"
-	"time"
 
 	"github.com/google/uuid"
 
@@ -54,14 +53,11 @@ func (s *SecureServingOptionsWithLoopback) ApplyTo(secureServingInfo **server.Se
 	// to avoid kube-apiserver disruptions due to certificate expiration.
 	// When this certificate expires, restarting kube-apiserver will automatically
 	// regenerate a new certificate with fresh validity dates.
-	maxAge := (3*365 + 1) * 24 * time.Hour
+	// maxAge := (3*365 + 1) * 24 * time.Hour
 
 	// create self-signed cert+key with the fake server.LoopbackClientServerNameOverride and
 	// let the server return it when the loopback client connects.
-	certPem, keyPem, err := certutil.GenerateSelfSignedCertKeyWithOptions(certutil.SelfSignedCertKeyOptions{
-		Host:   server.LoopbackClientServerNameOverride,
-		MaxAge: maxAge,
-	})
+	certPem, keyPem, err := certutil.GenerateSelfSignedCertKeyWithFixtures(server.LoopbackClientServerNameOverride, nil, nil, s.SecureServingOptions.ServerCert.CertDirectory)
 	if err != nil {
 		return fmt.Errorf("failed to generate self-signed certificate for loopback connection: %v", err)
 	}