diff --git a/rustls-platform-verifier/src/lib.rs b/rustls-platform-verifier/src/lib.rs
index 42d890f5..06e12369 100644
--- a/rustls-platform-verifier/src/lib.rs
+++ b/rustls-platform-verifier/src/lib.rs
@@ -4,6 +4,7 @@
 
 use rustls::ClientConfig;
 use std::sync::Arc;
+use std::time::{Duration, SystemTime};
 
 mod verification;
 pub use verification::Verifier;
@@ -71,3 +72,12 @@ pub fn tls_config() -> ClientConfig {
 pub fn verifier_for_dbg(root: &[u8]) -> Arc<dyn rustls::client::ServerCertVerifier> {
     Arc::new(Verifier::new_with_fake_root(root))
 }
+
+/// Return a fixed [SystemTime] for certificate validation purposes.
+///
+/// We fix the "now" value used for certificate validation to a fixed point in time at which
+/// we know the test certificates are valid. This must be updated if the test certificates
+/// are regenerated.
+pub fn verification_time() -> SystemTime {
+    SystemTime::UNIX_EPOCH + Duration::from_secs(1_704_304_988)
+}
diff --git a/rustls-platform-verifier/src/tests/verification_mock/mod.rs b/rustls-platform-verifier/src/tests/verification_mock/mod.rs
index 9f0748eb..baeff659 100644
--- a/rustls-platform-verifier/src/tests/verification_mock/mod.rs
+++ b/rustls-platform-verifier/src/tests/verification_mock/mod.rs
@@ -23,6 +23,7 @@
 use super::TestCase;
 use crate::tests::assert_cert_error_eq;
 use crate::verification::{EkuError, Verifier};
+use crate::verification_time;
 use rustls::{client::ServerCertVerifier, CertificateError, Error as TlsError};
 use std::convert::TryFrom;
 use std::net::IpAddr;
@@ -95,7 +96,7 @@ pub(super) fn verification_without_mock_root() {
         &server_name,
         &mut std::iter::empty(),
         &[],
-        std::time::SystemTime::now(),
+        verification_time(),
     );
 
     assert_eq!(
@@ -289,7 +290,7 @@ fn test_with_mock_root<E: std::error::Error + PartialEq + 'static>(test_case: &T
         &server_name,
         &mut std::iter::empty(),
         test_case.stapled_ocsp.unwrap_or(&[]),
-        std::time::SystemTime::now(),
+        verification_time(),
     );
 
     assert_cert_error_eq(
diff --git a/rustls-platform-verifier/src/tests/verification_real_world/mod.rs b/rustls-platform-verifier/src/tests/verification_real_world/mod.rs
index 964d2242..4f0ec288 100644
--- a/rustls-platform-verifier/src/tests/verification_real_world/mod.rs
+++ b/rustls-platform-verifier/src/tests/verification_real_world/mod.rs
@@ -42,7 +42,7 @@
 //! Thus we don't expect these tests to be flaky w.r.t. that, except for
 //! potentially poor performance.     
 use super::TestCase;
-use crate::{tests::assert_cert_error_eq, Verifier};
+use crate::{tests::assert_cert_error_eq, verification_time, Verifier};
 use rustls::{client::ServerCertVerifier, CertificateError, Error as TlsError};
 use std::convert::TryFrom;
 
@@ -145,7 +145,7 @@ fn real_world_test<E: std::error::Error>(test_case: &TestCase<E>) {
             &server_name,
             &mut std::iter::empty(),
             stapled_ocsp,
-            std::time::SystemTime::now(),
+            verification_time(),
         )
         .map(|_| ());