On Mon, 13 Jul 2015 12:25:40 +0530 Nayna Jain <naynjain at in.ibm.com> wrote: > > Hi all, > > I am programmatically generating the self signed certificate and need > to specify the "Not Before" and "Not After" date, > > Wanted to understand what all formats are acceptable by this API ? X509_set_notAfter and X509_set_notBefore API expect ASN1_TIME structure. You can use ASN1_TIME_set function to fill this structure. It expects integer time_t value. X509_cmp_time also expects integer time_t value. So integer number of seconds since the beginning of the epoch (1.1.1970 GMT) is everything you need. There is also ASN1_TINE_set_string function, which does deal with some datetime format, but I suggest never use it. Use C runtime library function strptime, which allows to specify format explicitely or mktime to prepare time_t value from the user input. And use OpenSSL ASN1_TIME_print function to convert ASN1_TIME to human-readble form. > > Also, similarly while using API , what exactly is the time format > expected by X509_cmp_time(X509_get_notAfter(iv_pX509), .......); > > Thanks & Regards, > Nayna Jain
