Incorrect certificate expiration time

[niusmallnan]

Setup

• Rancher version: v2.6.7-rc6
• Browser type & version:

Describe the bug For some TLS certificates stored in secrets, the UI shows the wrong expiration time.

To Reproduce Deploy Rancher v2.6.7-rc6 in K3s and compare the certificate expiration time of a special k3s-serving secret.

curl -sfL https://get.k3s.io | INSTALL_K3S_VERSION="v1.24.3+k3s1" sh -s - server --cluster-init

curl https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash
export KUBECONFIG=/etc/rancher/k3s/k3s.yaml

helm repo add rancher-latest https://releases.rancher.com/server-charts/latest
helm repo add jetstack https://charts.jetstack.io
helm repo update

kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v1.7.1/cert-manager.crds.yaml

helm install cert-manager jetstack/cert-manager \
  --namespace cert-manager \
  --create-namespace \
  --version v1.7.1

kubectl create namespace cattle-system
ec2_ip=$(curl -s http://169.254.169.254/latest/meta-data/public-ipv4)
helm install rancher rancher-latest/rancher \
  --namespace cattle-system \
  --set hostname=$ec2_ip.sslip.io \
  --set replicas=1 \
  --set bootstrapPassword=RancherForFun \
  --version 2.6.7-rc6

Use openssl to view expiration time:

kubectl --insecure-skip-tls-verify  get secret -n kube-system k3s-serving -o jsonpath='{.data.tls\.crt}' | base64 -d | openssl x509 -noout -text | grep Not
            Not Before: Aug  4 06:02:38 2022 GMT
            Not After : Aug  4 06:02:38 2023 GMT

View expiration time on UI:

Result

UI shows different from openssl.

Expected Result

UI should be consistent with openssl.

Screenshots

Additional context

I used K3s v1.24.3+k3s1, which holds two certificates at k3s-serving. Maybe the UI shows the expiration time of the second certificate.

Detailed Description

Context