Re: Doubt regarding O-SSL and setting the duration of certificates

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



An X509v3 certificate has “notBefore” and “notAfter” fields.  If either of those is not present, then it is not an X509v3 certificate.  The time marked by those fields is the validity period.

If you want “never expires” X509v3 certificates, the best you can do it put a very large value in the notAfter field.  Some software may have issues around 32bit representation of classic Unix time_t and therefore have problems with times greater than 2038; OpenSSL does not have those problems.

The OpenSSL command-line tools do not handle every possible corner case, including the ability to reasonably set dates that more than 7,500 years in the future.  You will have to modify the source.


-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux