http://projects.puppetlabs.com/projects/1/wiki/SSL_in_The_Year2038 32-bit date overflow, same problem as the generic UNIX Y2038 bug. Use 64 bit systems 8-) George William Herbert Sent from my iPhone On Jan 4, 2013, at 1:10 AM, Woon Khai Swen <woonks@xxxxxxxxxxxx> wrote: > Found out the problem.... > > # openssl req -new -newkey rsa:1024 -days 36500 -nodes -x509 -keyout myCA.pem -out myCA.pem > > # openssl x509 -in myCA.pem -outform DER -out myCA.der > > Installing myCA.der as root cert shows the validity date from Friday, 4 January, 2013 4:58:39 PM to Thursday, 4 November, 1976 10:30:23 AM (1976, not 2113. it can auto back date???? :O ) > > Still figuring out why this happened, thou. Must be an openssl issue. The commands are copied directly from squid dynamic cert generation wiki. > > Thanks for the pointer. > > > > -----Original Message----- > From: Will Roberts [mailto:ironwill42@xxxxxxxxx] > Sent: Friday, 4 January, 2013 12:20 PM > To: squid-users@xxxxxxxxxxxxxxx > Subject: Re: SSL Bump Root Certificate Expiration > > On 01/03/2013 11:16 PM, Woon Khai Swen wrote: >> Dear all, >> >> I found out the self signed ssl root cert for transparent SSL interception (SSL Bump + origin cert mimicking + dynamic cert generation) is valid only for 365 days max, no matter how many additional days specified in openssl cert generation command line. > > Mine's good for 100 years. I'd check your command line arguments. > > --Will
