> From: owner-openssl-...@openssl.org On Behalf Of sandeep kiran p
> Sent: Sunday, 05 December, 2010 06:01

Aside: this isn't a -dev question, -users would have been better.

> Did iis.cer get generated properly?

No, see below.

> On Fri, Dec 3, 2010 at 8:59 AM, Sudershan Raj <brajna...@gmail.com> wrote:

(rewrapped)
> C:\ssl>openssl ca -policy policy_anything -config openssl.conf
> -cert certs/ca.cer -in requests/certreq.txt -keyfile keys/ca.key
> -days 9999 -out certs/iis.cer

Aside: CA cert and keyfile can be specified in the .conf, and IMO should since they should be fixed for a given CA instance. Default policy and days can also be specified, especially if you have a more or less consistent practice, although it's reasonable to override them per request if they vary.

> Certificate is to be certified until Bad time value (9999 days)

Until recently (I believe 1.0.0) OpenSSL computes notAfter time using standard-C time_t. Generally on 32-bit systems time_t cannot handle times after early 2038, which today+9999 is.
http://en.wikipedia.org/wiki/Year_2038_problem
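The 32-bit time_t limit described in the reply above, worked through as an added example; this is not code from the original message or from OpenSSL. The function names are hypothetical and the start time is a constructed sample (midnight UTC on the date of the quoted message).

```c
#include <stdint.h>
#include <stdio.h>

#define SECS_PER_DAY 86400LL
/* Largest signed 32-bit time_t value: 2038-01-19 03:14:07 UTC. */
#define TIME32_MAX ((int64_t)INT32_MAX)
/* Constructed sample: 2010-12-05 00:00:00 UTC as seconds since the epoch. */
#define SAMPLE_START 1291507200LL

/* 1 if start + days still fits in a signed 32-bit time_t, else 0.
 * Uses 64-bit arithmetic and a division so the check cannot overflow. */
int not_after_fits_time32(int64_t start, long days)
{
    if (days < 0 || start < 0 || start > TIME32_MAX)
        return 0;
    return (int64_t)days <= (TIME32_MAX - start) / SECS_PER_DAY;
}

/* Largest validity period in days that a 32-bit time_t can represent
 * from the given start time, or -1 if start is itself out of range. */
long max_days_time32(int64_t start)
{
    if (start < 0 || start > TIME32_MAX)
        return -1;
    return (long)((TIME32_MAX - start) / SECS_PER_DAY);
}

/* Value an unchecked 32-bit addition would yield. Unsigned arithmetic
 * keeps the wrap well defined; the final conversion to int32_t is
 * implementation-defined and wraps on two's-complement compilers. */
int32_t wrapped_not_after32(int64_t start, long days)
{
    uint32_t sum = (uint32_t)start + (uint32_t)days * (uint32_t)SECS_PER_DAY;
    return (int32_t)sum;
}

int main(void)
{
    printf("9999 days fits: %d\n", not_after_fits_time32(SAMPLE_START, 9999));
    printf("max days:       %ld\n", max_days_time32(SAMPLE_START));
    printf("wrapped value:  %ld\n", (long)wrapped_not_after32(SAMPLE_START, 9999));
    return 0;
}
```

A negative wrapped value corresponds to a date before 1970, which is why an implementation limited to 32-bit time_t has to reject the request rather than issue the certificate.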