[cisco-voip] VCS 8.2 won't accept Trusted CA Cert with expiration date of 40 years from now - shows it as expired Dec 31, 1969
Joe Martini
joemar2 at cisco.com
Thu Dec 4 13:10:48 EST 2014
Brian,
Looks like this https://tools.cisco.com/bugsearch/bug/CSCup81787 and there is a fix in the next version.
Joe
On Dec 4, 2014, at 12:28 PM, Jeremy Bresley <brez at brezworks.com> wrote:
On 12/4/2014 9:58 AM, Brian V wrote:
> Customer provided me their root CA and intermediate CA (internal) to load on the VCS-C
> The intermediate cert (expires in 20 yr) is loaded fine, when loading the root cert (expires in 40 yr) it says its already expired in 1969 !
>
> Is there a limit on the length of a Cert or perhaps just a bug in code ?
> Anyone run into this before ?
> This is the longest I've seen someone sign a cert for. Is this common to use such a long duration ?
> I have a TAC case open, still waiting to be contacted by them.
>
>
First thought would be 32-bit UNIX time wrapping in 2038. Pretty sure that VCS is based on Linux. The 20 year cert would be within that range, the 40 year one wouldn't be. I'd be curious if both of them being 20 years resolves it.
And I chuckled when I read it, we're going through headaches with certs and renewals/replacements right now, and I really wish I could do 40 years on them so I would be long gone before they expired and had to be replaced again. ;-)
Jeremy "TheBrez" Bresley
brez at brezworks.com
_______________________________________________
cisco-voip mailing list
cisco-voip at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20141204/146e40c5/attachment.html>
More information about the cisco-voip
mailing list