diff --git a/platform/src/key_keeper.cpp b/platform/src/key_keeper.cpp
index 3bed45c..f3e0e43 100644
--- a/platform/src/key_keeper.cpp
+++ b/platform/src/key_keeper.cpp
@@ -484,6 +484,10 @@ struct key_keeper* key_keeper_init(const char * profile, const char* section, vo
 
 	MESA_load_profile_int_def(profile, section, "cert_expire_time", &(keeper->cert_expire_time), 24);
 	keeper->cert_cache = create_hash_table(keeper->hash_slot_size, keeper->hash_expire_seconds);
+	if (keeper->cert_expire_time != -1)
+	{
+		keeper->hash_expire_seconds = MIN(keeper->cert_expire_time * 1800, (int)(keeper->hash_expire_seconds));
+	}	
 	if(0==strcmp(keeper->untrusted_ca_path, keeper->trusted_ca_path))
 	{
 		TFE_LOG_ERROR(logger, "Warnning: Trusted and Untrusted Root CA share the same path %s .", keeper->trusted_ca_path);
diff --git a/platform/src/ssl_utils.cpp b/platform/src/ssl_utils.cpp
index 97865f8..d84de7b 100644
--- a/platform/src/ssl_utils.cpp
+++ b/platform/src/ssl_utils.cpp
@@ -691,7 +691,7 @@ X509 * ssl_x509_forge(X509 * cacrt, EVP_PKEY * cakey, X509 * origcrt, EVP_PKEY *
 	else
 	{
 		if(!X509_gmtime_adj(X509_get_notBefore(crt), (long)(0 - cert_expire_time * 1800)) ||
-		   !X509_gmtime_adj(X509_get_notAfter(crt), (long)(cert_expire_time * 1800))
+		   !X509_gmtime_adj(X509_get_notAfter(crt), (long)(cert_expire_time * 1800)))
 		{
 			goto errout;
 		}