Nelson B wrote: > I had no trouble with the NCIPHER.ca.cer file, but I could not install > the 86536977Y.cer because NSS (the crypto library in mozilla) believes > that cert file has an invalid ASN.1 DER encoding. The reason for that > error is that the validity timestamps in that certificate are encoded > as ASN.1 GeneralizedTime, not as ASN.1 UTCTime. NSS expects certificate > validity times to be encoded as UTCTimes. > > RFC 3280 says, on page 22, section 4.1.2.5 Validity: > > CAs conforming to this profile MUST always encode certificate > validity dates through the year 2049 as UTCTime; certificate validity > dates in 2050 or later MUST be encoded as GeneralizedTime. > > Since your certificate features validity dates in the range: > 2003-05-26 through 2005-05-26 > the dates in your cert should be UTCTimes, not GeneralizedTimes.
NSS will need to support GeneralizedTime when CAs start to issue certs that expire after the year 2049. There is an enhancement request filed for GeneralizedTime support: http://bugzilla.mozilla.org/show_bug.cgi?id=143334. Wan-Teh
smime.p7s
Description: S/MIME Cryptographic Signature
