diff --git a/library.c b/library.c
index 0a1b76a2..ec8880ea 100644
--- a/library.c
+++ b/library.c
@@ -35,6 +35,7 @@ struct openconnect_info *openconnect_vpninfo_new_with_cbdata (char *useragent,
 vpninfo->mtu = 1406;
 vpninfo->ssl_fd = -1;
+ vpninfo->cert_expire_warning = 60 * 86400;
 vpninfo->useragent = openconnect_create_useragent (useragent);
 vpninfo->validate_peer_cert = validate_peer_cert;
 vpninfo->write_new_config = write_new_config;
diff --git a/main.c b/main.c
index 21d9ffc1..4c89f003 100644
--- a/main.c
+++ b/main.c
@@ -262,6 +262,7 @@ int main(int argc, char **argv)
 vpninfo->uid_csd_given = 0;
 vpninfo->validate_peer_cert = validate_peer_cert;
 vpninfo->cbdata = vpninfo;
+ vpninfo->cert_expire_warning = 60 * 86400;
 if (!uname(&utsbuf))
 vpninfo->localname = utsbuf.nodename;
diff --git a/openconnect-internal.h b/openconnect-internal.h
index e7f1dfbf..baa69a9b 100644
--- a/openconnect-internal.h
+++ b/openconnect-internal.h
@@ -114,6 +114,7 @@ struct openconnect_info {
 char *hostname;
 int port;
 char *urlpath;
+ int cert_expire_warning;
 const char *cert;
 const char *sslkey;
 X509 *cert_x509;
diff --git a/ssl.c b/ssl.c
index 9da68ab3..2af06724 100644
--- a/ssl.c
+++ b/ssl.c
@@ -831,7 +831,7 @@ static int check_certificate_expiry(struct openconnect_info *vpninfo)
 } else if (i < 0) {
 reason = _("Client certificate has expired at");
 } else {
- t += 60 * 86400;
+ t += vpninfo->cert_expire_warning;
 i = X509_cmp_time(notAfter, &t);
 if (i < 0) {
 reason = _("Client certificate expires soon at");
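Review bot: The default `60 * 86400` is written out twice, here in openconnect_vpninfo_new_with_cbdata and again in the main.c hunk, so the library and the command-line client can drift apart if only one is edited later. A single named constant in openconnect-internal.h, assigned in both places, would keep them aligned, for example `#define CERT_EXPIRE_WARNING_DEFAULT (60 * 86400)` (the name is only a suggestion). The function body starts and ends outside the hunk.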
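Review bot: The new `cert_expire_warning` member of struct openconnect_info has no comment giving its unit. The ssl.c hunk adds it to `t` before the X509_cmp_time() call and the default is `60 * 86400`, so it is a count of seconds. A trailing comment would save the lookup, e.g. `int cert_expire_warning; /* seconds before notAfter at which to start warning */`.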
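Review bot: `t += vpninfo->cert_expire_warning;` adds the field with no range check, so once a caller can set it, a zero or negative value would quietly switch off the "expires soon" warning. A very large value could also overflow `t` if it is a 32-bit time_t; its declaration is outside the hunk, so that part is inferred. Nothing in this diff assigns the field from user input, but if that is planned, validate the value where it is assigned and document what a non-positive value means, e.g. `/* cert_expire_warning <= 0: no early warning */`. The body of check_certificate_expiry begins and ends outside the hunk.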