Version: 0.9.8c Summary: database file index.txt get malformed on large expiry date. Description: We increased the expiration duration for new certificates up to 365000 days (1000 years) since we noted that it is not nessecary to have certificates which expires for our purpose.
When i signed the first certificate with an expiration duration of 1000
years this doesn't seemed to be a problem, but when I tried to sign the
next one openssl has problems to read the database file index.txt and
aborts with following message:
entry 26: invalid expiry date
removing everytime the last entry from index.txt works as work around,
but i think this is a bug in openssl.
Here is the command I am using for signing my certificates:
openssl ca -in requests/user.csr -cert ../CA.crt \
-keyfile ../CA.key -out certificates/user.crt \
-config ../openssl.cnf
In openssl.cnf i set default_days to 365000.
signature.asc
Description: PGP signature
