Home

notBefore

Not Before is a timestamp used to define the start of a validity window for digital credentials such as X.509 certificates and certain tokens. In X.509 certificates, Not Before is part of the certificate’s Validity period, which also includes Not After. The Not Before value specifies the earliest moment the certificate is considered valid and usable for authentication or TLS handshakes.

In X.509, Not Before is encoded in the certificate as a time value using either UTCTime or

Validation semantics are straightforward: during certificate verification, software checks that the current time t satisfies Not

Not Before also appears in similar contexts outside X.509. For JSON Web Tokens, a comparable concept exists

Understanding Not Before helps ensure correct timing for certificate trust, renewals, revocation decisions, and secure communications.

GeneralizedTime,
typically
represented
in
Coordinated
Universal
Time
(UTC).
In
practice,
this
field
appears
in
systems
and
tools
as
a
specific
date
and
time,
indicating
when
the
certificate
becomes
active.
Before
≤
t
≤
Not
After.
If
the
current
time
is
before
Not
Before,
the
certificate
is
not
yet
valid;
if
it
is
after
Not
After,
the
certificate
is
expired.
Applications
often
incorporate
a
small
clock
skew
tolerance
to
accommodate
minor
differences
between
systems.
as
the
not-before
(nbf)
claim,
which
defines
the
earliest
time
a
token
may
be
accepted.
It
works
in
concert
with
Not
After
to
define
a
precise
validity
window
for
credentials.