If I attempt to create a certificate with an expiry time after 2049 (so that openssl will use a GeneralizedTime rather than a UTCTime for the notAfter field), openssl actually generates a date in the past.
This can be seen with the following: openssl req -new -key <KEYFILE> -config <CFGFILE> -x509 -set_serial 1 -days 20000 | openssl x509 -noout -dates Which produces the following output on STDOUT: notBefore=Nov 24 14:52:00 2008 GMT notAfter=Jul 23 08:24:00 1927 GMT Please excuse me if this is a known issue. A quick Google search did not turn anything up. Kind regards, Christopher Williams, Software engineer, McAfee Inc. McAfee International Limited is registered in England and Wales with its registered address at 100 New Bridge Street, London, Company No. 02825890 ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]
