diff --git a/src/fu-keyring-pkcs7.c b/src/fu-keyring-pkcs7.c
index 6dc944edd..a42feaa7e 100644
--- a/src/fu-keyring-pkcs7.c
+++ b/src/fu-keyring-pkcs7.c
@@ -642,6 +642,14 @@ fu_keyring_pkcs7_verify_data (FuKeyring *keyring,
 	for (gint i = 0; i < count; i++) {
 		gnutls_pkcs7_signature_info_st info;
 		gint64 signing_time = 0;
+		gnutls_certificate_verify_flags verify_flags = 0;
+
+		/* use with care */
+		if (flags & FU_KEYRING_VERIFY_FLAG_DISABLE_TIME_CHECKS) {
+			g_debug ("WARNING: disabling time checks");
+			verify_flags |= GNUTLS_VERIFY_DISABLE_TIME_CHECKS;
+			verify_flags |= GNUTLS_VERIFY_DISABLE_TRUSTED_TIME_CHECKS;
+		}
 
 		/* verify the data against the detached signature */
 		if (flags & FU_KEYRING_VERIFY_FLAG_USE_CLIENT_CERT) {
@@ -652,7 +660,7 @@ fu_keyring_pkcs7_verify_data (FuKeyring *keyring,
 						  0,    /* vdata_size */
 						  i,    /* index */
 						  &datum, /* data */
-						  0);   /* flags */
+						  verify_flags);
 		}
 		if (rc < 0) {
 			g_set_error (error,
diff --git a/src/fu-keyring.h b/src/fu-keyring.h
index 39819ca47..2f20e35e1 100644
--- a/src/fu-keyring.h
+++ b/src/fu-keyring.h
@@ -20,12 +20,14 @@ G_DECLARE_DERIVABLE_TYPE (FuKeyring, fu_keyring, FU, KEYRING, GObject)
  * FuKeyringVerifyFlags:
  * @FU_KEYRING_VERIFY_FLAG_NONE:		No flags set
  * @FU_KEYRING_VERIFY_FLAG_USE_CLIENT_CERT:	Use client certificate to verify
+ * @FU_KEYRING_VERIFY_FLAG_DISABLE_TIME_CHECKS:	Disable checking of validity periods
  *
  * The flags to use when interacting with a keyring
  **/
 typedef enum {
-	FU_KEYRING_VERIFY_FLAG_NONE		= 0,
-	FU_KEYRING_VERIFY_FLAG_USE_CLIENT_CERT	= 1 << 1,
+	FU_KEYRING_VERIFY_FLAG_NONE			= 0,
+	FU_KEYRING_VERIFY_FLAG_USE_CLIENT_CERT		= 1 << 1,
+	FU_KEYRING_VERIFY_FLAG_DISABLE_TIME_CHECKS	= 1 << 2,
 	/*< private >*/
 	FU_KEYRING_VERIFY_FLAG_LAST
 } FuKeyringVerifyFlags;
diff --git a/src/fu-self-test.c b/src/fu-self-test.c
index 363f644ef..24b121107 100644
--- a/src/fu-self-test.c
+++ b/src/fu-self-test.c
@@ -2628,7 +2628,8 @@ fu_keyring_pkcs7_func (void)
 	g_assert_no_error (error);
 	g_assert_nonnull (blob_sig);
 	result_pass = fu_keyring_verify_data (keyring, blob_pass, blob_sig,
-					      FU_KEYRING_VERIFY_FLAG_NONE, &error);
+					      FU_KEYRING_VERIFY_FLAG_DISABLE_TIME_CHECKS,
+					      &error);
 	g_assert_no_error (error);
 	g_assert_nonnull (result_pass);
 	g_assert_cmpint (fu_keyring_result_get_timestamp (result_pass), >= , 1502871248);