<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:windowtext;}
span.EmailStyle18
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-US link="#0563C1" vlink="#954F72"><div class=WordSection1><p class=MsoNormal><span style='color:#1F497D'>Thanks for the heads up. That seems to be my exact issue.<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'>when reading the bug description I can't tell if it’s a cosmetic error or will it affect function ?<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'>Will it still consider it valid if its expired ? It would think not, as that’s the whole point to have an expiration date on a cert right ?<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'>My customer has been distributing this cert across their organization since October. I don’t think they are going to change it. Uggg <o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><div><div style='border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in'><p class=MsoNormal><b>From:</b> Joe Martini [mailto:joemar2@cisco.com] <br><b>Sent:</b> Thursday, December 04, 2014 12:11 PM<br><b>To:</b> Jeremy Bresley; bvanbens@gmail.com; Josh Warcop<br><b>Cc:</b> cisco-voip@puck.nether.net<br><b>Subject:</b> Re: [cisco-voip] VCS 8.2 won't accept Trusted CA Cert with expiration date of 40 years from now - shows it as expired Dec 31, 1969<o:p></o:p></p></div></div><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Brian,<span style='font-size:12.0pt'><o:p></o:p></span></p><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>Looks like this <a href="https://tools.cisco.com/bugsearch/bug/CSCup81787">https://tools.cisco.com/bugsearch/bug/CSCup81787</a> and there is a fix in the next version.<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>Joe<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p><div><div><p class=MsoNormal>On Dec 4, 2014, at 12:28 PM, Jeremy Bresley <<a href="mailto:brez@brezworks.com">brez@brezworks.com</a>> wrote:<o:p></o:p></p></div><p class=MsoNormal><o:p> </o:p></p><div><div><div><p class=MsoNormal>On 12/4/2014 9:58 AM, Brian V wrote:<o:p></o:p></p></div><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><p class=MsoNormal>Customer provided me their root CA and intermediate CA (internal) to load on the VCS-C<o:p></o:p></p><p class=MsoNormal>The intermediate cert (expires in 20 yr) is loaded fine, when loading the root cert (expires in 40 yr) it says its already expired in 1969 !<o:p></o:p></p><p class=MsoNormal> <o:p></o:p></p><p class=MsoNormal>Is there a limit on the length of a Cert or perhaps just a bug in code ?<o:p></o:p></p><p class=MsoNormal>Anyone run into this before ?<o:p></o:p></p><p class=MsoNormal>This is the longest I've seen someone sign a cert for. Is this common to use such a long duration ?<o:p></o:p></p><p class=MsoNormal>I have a TAC case open, still waiting to be contacted by them.<o:p></o:p></p><p class=MsoNormal> <o:p></o:p></p><p class=MsoNormal><span style='font-size:12.0pt;font-family:"Times New Roman",serif'><o:p> </o:p></span></p></blockquote><p class=MsoNormal><span style='font-size:12.0pt;font-family:"Times New Roman",serif'><br>First thought would be 32-bit UNIX time wrapping in 2038. Pretty sure that VCS is based on Linux. The 20 year cert would be within that range, the 40 year one wouldn't be. I'd be curious if both of them being 20 years resolves it.<br><br>And I chuckled when I read it, we're going through headaches with certs and renewals/replacements right now, and I really wish I could do 40 years on them so I would be long gone before they expired and had to be replaced again. ;-)<br><br>Jeremy "TheBrez" Bresley<br><a href="mailto:brez@brezworks.com">brez@brezworks.com</a><o:p></o:p></span></p></div><p class=MsoNormal><span style='font-size:12.0pt;font-family:"Times New Roman",serif'>_______________________________________________<br>cisco-voip mailing list<br><a href="mailto:cisco-voip@puck.nether.net">cisco-voip@puck.nether.net</a><br><a href="https://puck.nether.net/mailman/listinfo/cisco-voip">https://puck.nether.net/mailman/listinfo/cisco-voip</a><o:p></o:p></span></p></div></div><p class=MsoNormal><span style='font-size:12.0pt;font-family:"Times New Roman",serif'><o:p> </o:p></span></p></div></div></body></html>