[cisco-voip] VCS 8.2 won't accept Trusted CA Cert with expiration date of 40 years from now - shows it as expired Dec 31, 1969
Jeremy Bresley
brez at brezworks.com
Thu Dec 4 12:28:12 EST 2014
On 12/4/2014 9:58 AM, Brian V wrote:
>
> Customer provided me their root CA and intermediate CA (internal) to
> load on the VCS-C
>
> The intermediate cert (expires in 20 yr) is loaded fine, when loading
> the root cert (expires in 40 yr) it says its already expired in 1969 !
>
> Is there a limit on the length of a Cert or perhaps just a bug in code ?
>
> Anyone run into this before ?
>
> This is the longest I've seen someone sign a cert for. Is this common
> to use such a long duration ?
>
> I have a TAC case open, still waiting to be contacted by them.
>
>
First thought would be 32-bit UNIX time wrapping in 2038. Pretty sure
that VCS is based on Linux. The 20 year cert would be within that
range, the 40 year one wouldn't be. I'd be curious if both of them
being 20 years resolves it.
And I chuckled when I read it, we're going through headaches with certs
and renewals/replacements right now, and I really wish I could do 40
years on them so I would be long gone before they expired and had to be
replaced again. ;-)
Jeremy "TheBrez" Bresley
brez at brezworks.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20141204/328cf1a3/attachment.html>
More information about the cisco-voip
mailing list