- Bug
- Resolution: Unresolved
- Normal
- None
- CNV I/U Operators Sprint 222
- Medium
- No
Description of problem:
----------------------
The certificate validity range does not conform to the values modified in the HCO CR (which are also propagated to CNAO CR).
Version-Release number of selected component (if applicable):
------------------------------------------------------------
4.9.0-249
How reproducible:
----------------
100%
Steps to Reproduce:
------------------
1. Modify the HCO CR spec.certconfig to:
{
"ca":
,
"server":
}
2. Run the command:
$ oc get secrets -n openshift-cnv virt-template-validator-certs -ojson | jq -r '.data["tls.crt"]' | base64 -d | openssl x509 -dates -noout
Actual results:
--------------
1. The notAfter is 2 days ahead of notBefore.
2. The notBefore is 1 day earlier than the current date.
Expected results:
----------------
1. The difference should have been 11 minutes.
2. notBefore should be today.
Additional info:
---------------
$ oc get hco kubevirt-hyperconverged -n openshift-cnv -ojson |jq -C '.spec.certConfig'
{
"ca":
,
"server":
}
$ oc get networkaddonsconfig cluster -ojson |jq -C '.spec.selfSignConfiguration'
{
"caOverlapInterval": "10m0s",
"caRotateInterval": "11m0s",
"certOverlapInterval": "10m0s",
"certRotateInterval": "11m0s"
}
$ oc get secrets -n openshift-cnv virt-template-validator-certs -ojson | jq -r '.data["tls.crt"]' | base64 -d | openssl x509 -dates -noout
notBefore=Oct 25 10:11:19 2021 GMT
notAfter=Oct 25 10:11:20 2023 GMT
- is blocked by: OCPPLAN-9555 Platform Operators (In Progress)
- is related to: CNV-15131 [2017415] [certificate renewal] ssp-operator-service-cert secret certificate is not updated according to HCO CR certconfig (New)
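An added example, not part of the original report and not code from any CNV component: a Python check that takes `openssl x509 -dates -noout` output and a Go-style interval such as the `certRotateInterval` value `11m0s` shown above, and reports when the certificate's validity window does not match it. The 5-second slack, the `CHECKED_AT` time, and the rule that notBefore may be at most one interval old are assumptions made for this example.

```python
import re
from datetime import datetime, timedelta, timezone

# Go-style duration units as used in the CR values (e.g. "11m0s").
_UNITS = {"h": 3600.0, "m": 60.0, "s": 1.0, "ms": 1e-3, "us": 1e-6, "ns": 1e-9}
_TOKEN = re.compile(r"(\d+(?:\.\d+)?)(ns|us|ms|h|m|s)")

def parse_go_duration(text):
    """Convert a Go duration string such as "11m0s" to a timedelta."""
    tokens = _TOKEN.findall(text)
    if not tokens or "".join(n + u for n, u in tokens) != text:
        raise ValueError(f"not a Go duration: {text!r}")
    return timedelta(seconds=sum(float(n) * _UNITS[u] for n, u in tokens))

def parse_openssl_dates(output):
    """Read notBefore/notAfter from `openssl x509 -dates -noout` output."""
    found = {}
    for line in output.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and key in ("notBefore", "notAfter"):
            stamp = datetime.strptime(value, "%b %d %H:%M:%S %Y GMT")
            found[key] = stamp.replace(tzinfo=timezone.utc)
    return found["notBefore"], found["notAfter"]

def check_validity(output, rotate_interval, now, slack=timedelta(seconds=5)):
    """Return findings; an empty list means the certificate matches the CR."""
    not_before, not_after = parse_openssl_dates(output)
    expected = parse_go_duration(rotate_interval)
    lifetime = not_after - not_before
    findings = []
    # Assumption: the slack absorbs small offsets like the 1 s seen in the report.
    if abs(lifetime - expected) > slack:
        findings.append(f"lifetime {lifetime} != configured {expected}")
    # Assumption: a rotated certificate is never older than one interval.
    if now - not_before > expected + slack:
        findings.append(f"notBefore {not_before} is older than one interval")
    return findings

# Output quoted in the report above.
REPORTED = """notBefore=Oct 25 10:11:19 2021 GMT
notAfter=Oct 25 10:11:20 2023 GMT"""
# Constructed check time, one day after notBefore, as the report describes.
CHECKED_AT = datetime(2021, 10, 26, 10, 11, 19, tzinfo=timezone.utc)

if __name__ == "__main__":
    for finding in check_validity(REPORTED, "11m0s", CHECKED_AT):
        print(finding)
```

On a live cluster, the first argument would be the output of the `oc get secrets ... | openssl x509 -dates -noout` pipeline from the report, and `now` would be `datetime.now(timezone.utc)`.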