Version: 0.9.8c Summary: database file index.txt get malformed on large expiry date. Description: We increased the expiration duration for new certificates up to 365000 days (1000 years) since we noted that it is not nessecary to have certificates which expires for our purpose.
When i signed the first certificate with an expiration duration of 1000 years this doesn't seemed to be a problem, but when I tried to sign the next one openssl has problems to read the database file index.txt and aborts with following message: entry 26: invalid expiry date removing everytime the last entry from index.txt works as work around, but i think this is a bug in openssl. Here is the command I am using for signing my certificates: openssl ca -in requests/user.csr -cert ../CA.crt \ -keyfile ../CA.key -out certificates/user.crt \ -config ../openssl.cnf In openssl.cnf i set default_days to 365000.
signature.asc
Description: PGP signature