diff --git a/jams-ca/crl.pem b/jams-ca/crl.pem
deleted file mode 100644
index 11df6239fd914fbb807755737216c113adb6c5bd..0000000000000000000000000000000000000000
Binary files a/jams-ca/crl.pem and /dev/null differ
diff --git a/jams-ca/src/main/java/net/jami/jams/ca/workers/csr/CertificateWorker.java b/jams-ca/src/main/java/net/jami/jams/ca/workers/csr/CertificateWorker.java
index d6e2b6ded383e48963c2abbb2d2b167e47b4e3a7..20211087fbd8e97be6af5f728bdbb0c98d136ade 100644
--- a/jams-ca/src/main/java/net/jami/jams/ca/workers/csr/CertificateWorker.java
+++ b/jams-ca/src/main/java/net/jami/jams/ca/workers/csr/CertificateWorker.java
@@ -33,6 +33,8 @@ import net.jami.jams.common.objects.user.User;
 @Slf4j
 public class CertificateWorker {
+ public static final long SHIFT = 43200000L;
+
 //The CSR here is null because we generate a certificate and keypair.
 public static SystemAccount getSignedCertificate(SystemAccount systemAccount) {
 switch (systemAccount.getSystemAccountType()){
diff --git a/jams-ca/src/main/java/net/jami/jams/ca/workers/csr/builders/DeviceBuilder.java b/jams-ca/src/main/java/net/jami/jams/ca/workers/csr/builders/DeviceBuilder.java
index 40a1b9929af3847955f3e2e730b20fe2d7f75167..c15443567e8711b42740bccea0f61bb186e66e9d 100644
--- a/jams-ca/src/main/java/net/jami/jams/ca/workers/csr/builders/DeviceBuilder.java
+++ b/jams-ca/src/main/java/net/jami/jams/ca/workers/csr/builders/DeviceBuilder.java
@@ -36,6 +36,8 @@ import java.math.BigInteger;
 import java.security.SecureRandom;
 import java.util.Date;
+import static net.jami.jams.ca.workers.csr.CertificateWorker.SHIFT;
+
 @Slf4j
 public class DeviceBuilder {
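Review bot: `SHIFT` is added to `CertificateWorker` as a bare millisecond count with no comment, and neither the name nor the value says what is shifted or by how much. 43200000 ms is 12 hours, and the builder hunks in this commit subtract it from the certificate's notBefore, presumably to tolerate clock skew on relying parties. Because the value sets part of every issued certificate's validity window, I would document it and make the unit visible, e.g. `/** Milliseconds subtracted from the issuance time to form notBefore (12 hours). */` above `public static final long SHIFT = 12L * 60 * 60 * 1000;`. A name such as `NOT_BEFORE_BACKDATE_MS` would read better at the call sites, at the cost of touching the two static imports.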
@@ -47,7 +49,7 @@ public class DeviceBuilder {
 X509v3CertificateBuilder builder = new X509v3CertificateBuilder(
 new JcaX509CertificateHolder(user.getCertificate()).getSubject(),
 new BigInteger(256, new SecureRandom()),
- new Date(System.currentTimeMillis()),
+ new Date(System.currentTimeMillis() - SHIFT),
 new Date(System.currentTimeMillis() + JamsCA.deviceLifetime),
 device.getCertificationRequest().getSubject(),
 device.getCertificationRequest().getSubjectPublicKeyInfo()
diff --git a/jams-ca/src/main/java/net/jami/jams/ca/workers/csr/builders/UserBuilder.java b/jams-ca/src/main/java/net/jami/jams/ca/workers/csr/builders/UserBuilder.java
index eb43f856137387ec45b6bc00e6adc4acb96af24b..6570601bb556d0c72c05c111c815303340e9f966 100644
--- a/jams-ca/src/main/java/net/jami/jams/ca/workers/csr/builders/UserBuilder.java
+++ b/jams-ca/src/main/java/net/jami/jams/ca/workers/csr/builders/UserBuilder.java
@@ -38,6 +38,8 @@ import java.security.KeyPairGenerator;
 import java.security.SecureRandom;
 import java.util.Date;
+import static net.jami.jams.ca.workers.csr.CertificateWorker.SHIFT;
+
 @Slf4j
 public class UserBuilder {
@@ -49,7 +51,7 @@ public class UserBuilder {
 X509v3CertificateBuilder builder = new X509v3CertificateBuilder(
 new JcaX509CertificateHolder(JamsCA.CA.getCertificate()).getSubject(),
 new BigInteger(256, new SecureRandom()),
- new Date(System.currentTimeMillis()),
+ new Date(System.currentTimeMillis() - SHIFT),
 new Date(System.currentTimeMillis() + JamsCA.userLifetime),
 new X500Name(user.getX509Fields().getDN()),
 SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded())
diff --git a/jams-server/src/main/java/net/jami/jams/server/core/TomcatConnectorFactory.java b/jams-server/src/main/java/net/jami/jams/server/core/TomcatConnectorFactory.java
index ae33580adaf5cdd94b9b9e1c99c319b68c18f9c0..6ac48c34e9f7e5d0c19d3a50b70036254ca2edbd 100644
--- a/jams-server/src/main/java/net/jami/jams/server/core/TomcatConnectorFactory.java
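Review bot: The new notBefore in `DeviceBuilder` (`System.currentTimeMillis() - SHIFT`) is not bounded by the issuing certificate's own notBefore, so a device certificate issued shortly after its user certificate can claim validity from before the issuer was valid. The `UserBuilder` hunk has the same gap against `JamsCA.CA.getCertificate()`. Whether any relying party checks validity nesting is not visible here, but the backdating also means notBefore can no longer be read as the issuance time during an audit or incident review. Clamping keeps the skew tolerance without that side effect: `new Date(Math.max(System.currentTimeMillis() - SHIFT, user.getCertificate().getNotBefore().getTime())),`. The enclosing method starts and ends outside both hunks, so whether the real issuance time is recorded elsewhere cannot be judged from here.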
+++ b/jams-server/src/main/java/net/jami/jams/server/core/TomcatConnectorFactory.java
@@ -46,10 +46,10 @@ public class TomcatConnectorFactory {
 Connector connector = new Connector();
 SSLHostConfig sslConfig = new SSLHostConfig();
 SSLHostConfigCertificate sslHostConfigCertificate = new SSLHostConfigCertificate(sslConfig, SSLHostConfigCertificate.Type.RSA);
- sslHostConfigCertificate.setCertificateFile(System.getProperty("user.dir") + File.separator + certificateFile);
+ sslHostConfigCertificate.setCertificateChainFile(System.getProperty("user.dir") + File.separator + certificateFile);
 sslHostConfigCertificate.setCertificateKeyFile(System.getProperty("user.dir") + File.separator + keyFile);
 sslConfig.addCertificate(sslHostConfigCertificate);
- sslConfig.setProtocols("TLSv1.2");
+ sslConfig.setProtocols("TLSv1,TLSv1.2,TLSv1.3");
 connector.addSslHostConfig(sslConfig);
 connector.setPort(port);
 connector.setSecure(true);
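Review bot: `sslConfig.setProtocols("TLSv1,TLSv1.2,TLSv1.3")` re-enables TLS 1.0 on this connector, which the removed line had excluded; TLS 1.0 is deprecated by RFC 8996, and any client that offers only that version will now be served over it. If the goal was to add TLS 1.3, `sslConfig.setProtocols("TLSv1.2,TLSv1.3");` does that without lowering the floor. If a legacy client really needs TLS 1.0, the line deserves a comment naming that client and the plan to drop it. Separately, the hunk replaces `setCertificateFile` with `setCertificateChainFile` rather than adding to it, and Tomcat documents the chain file as accompanying the server certificate, not standing in for it. The method continues past the end of the hunk, so it is worth confirming that the server certificate is still configured and that the handshake presents the expected leaf.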