Yet, in RFC 3280, one can read :
<<
4.1.2.5 Validity
[...] Both notBefore and notAfter may be encoded as UTCTime or
GeneralizedTime.
CAs conforming to this profile MUST always encode certificate
validity dates through the year 2049 as UTCTime; certificate validity
dates in 2050 or later MUST be encoded as GeneralizedTime.
[...]
Validity ::= SEQUENCE {
notBefore Time,
notAfter Time }
Time ::= CHOICE {
utcTime UTCTime,
generalTime GeneralizedTime }
>>
> -----Message d'origine-----
> De : Erwann ABALEA [mailto:[EMAIL PROTECTED]]
> Envoyé : lundi 22 juillet 2002 12:38
> À : OpenSSL Users Mailing List
> Objet : Re: generalizedTime in certificates
>
>
> On Mon, 22 Jul 2002, Warich, Eyck wrote:
>
> > Hello there,
> >
> > i'm using openSSL for the creation of x.509 user
> certificates. I want the
> > validities [from-until] in the certificates to be encoded
> in generalizedTime
> > format (instead of utc time format). Is there a way to
> configure this (.cnf,
> > command line)?
>
> No, since X.509 certificates *must* use UTCTime. If you
> really *need* to
> have generalizedTime, then you won't have X.509 compliant
> certificates.
>
> --
> Erwann ABALEA <[EMAIL PROTECTED]> - RSA PGP Key ID: 0x2D0EABD5
> -----
> La Fondue Bourguignone> Ca dénote du niveau
> JLC> Transitif direct, dénoter.
> la netiquette, tu oublies la netiquette
> -+- C in GNU - Sans escale : Transit direct pour connardland -+-
>
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
>
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
