Paul Cronholm wrote:
>
> Further i wonder if there is a way to generate certificates that never
> expires (infinite days valid),
> and if not what is the max?
>
The time in certificates is represented by either a UTCTime or
GeneralizedTime structure. You aren't allowed to omit the expiry date
and you can't have a certificate that literally never expires but you
don't need to.
The limit for UTCTime is 2049 the limit for GeneralizedTime is 9999 but
not all software packages support GeneralizedTime.
Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
