On Thu, 2015-09-24 at 13:23 +1000, Manger, James wrote: > The cert's notBefore field is a UTCTime value (2-digit year), while > the notAfter field is a GeneralizedTime value (4-digit year). I don't > think I has seen that before, but it is valid.
Hi, Thanks for the comments, they should be addressed in the next update. About the times, that's an RFC5280 requirement. "CAs conforming to this profile MUST always encode certificate validity dates through the year 2049 as UTCTime; certificate validity dates in 2050 or later MUST be encoded as GeneralizedTime." The notAfter is a date over 2050 (in fact its the 'no well defined expiration date'). regards, Nikos _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls