http://projects.puppetlabs.com/projects/1/wiki/SSL_in_The_Year2038

32-bit date overflow, same problem as the generic UNIX Y2038 bug.

Use 64-bit systems 8-)


George William Herbert
Sent from my iPhone

On Jan 4, 2013, at 1:10 AM, Woon Khai Swen <woo...@ioigroup.com> wrote:

> Found out the problem.... 
> 
> # openssl req -new -newkey rsa:1024 -days 36500 -nodes -x509 -keyout myCA.pem -out myCA.pem
> 
> # openssl x509 -in myCA.pem -outform DER -out myCA.der
> 
> Installing myCA.der as root cert shows the validity date from Friday, 4
> January, 2013 4:58:39 PM to Thursday, 4 November, 1976 10:30:23 AM
> (1976, not 2113. it can auto back date???? :O )
> 
> Still figuring out why this happened, though. Must be an openssl issue. The 
> commands are copied directly from squid dynamic cert generation wiki.
> 
> Thanks for the pointer.
> 
> 
> 
> -----Original Message-----
> From: Will Roberts [mailto:ironwil...@gmail.com] 
> Sent: Friday, 4 January, 2013 12:20 PM
> To: squid-users@squid-cache.org
> Subject: Re: [squid-users] SSL Bump Root Certificate Expiration
> 
> On 01/03/2013 11:16 PM, Woon Khai Swen wrote:
>> Dear all,
>> 
>> I found out the self signed ssl root cert for transparent SSL interception 
>> (SSL Bump + origin cert mimicking + dynamic cert generation) is valid only 
>> for 365 days max, no matter how many additional days specified in openssl 
>> cert generation command line.
> 
> Mine's good for 100 years. I'd check your command line arguments.
> 
> --Will
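
The arithmetic behind the 1976 date, as an added example that is not part of the original thread: it assumes the expiry was computed as the start time plus `-days` × 86400 seconds held in a signed 32-bit `time_t`, and that the certificate viewer displayed local time at UTC+8. The function names are illustrative.

```python
from datetime import datetime, timedelta, timezone

INT32_MAX = 2**31 - 1  # 2038-01-19 03:14:07 UTC


def wrap_int32(value):
    """Reduce an integer to the range of a signed 32-bit time_t."""
    return (value + 2**31) % 2**32 - 2**31


def not_after_32bit(not_before, days):
    """Expiry produced when not_before + days*86400 is stored in 32 bits."""
    end = wrap_int32(int(not_before.timestamp()) + days * 86400)
    return datetime.fromtimestamp(end, tz=not_before.tzinfo)


def max_safe_days(not_before):
    """Largest -days value whose expiry still fits a signed 32-bit time_t."""
    return (INT32_MAX - int(not_before.timestamp())) // 86400


# Assumption: the viewer showed local time at UTC+8.
LOCAL = timezone(timedelta(hours=8))
# Start of validity as reported in the thread.
NOT_BEFORE = datetime(2013, 1, 4, 16, 58, 39, tzinfo=LOCAL)

if __name__ == "__main__":
    fmt = "%A, %d %B %Y %H:%M:%S"
    wrapped = not_after_32bit(NOT_BEFORE, 36500)
    print("notBefore          :", NOT_BEFORE.strftime(fmt))
    print("notAfter (wrapped) :", wrapped.strftime(fmt))
    limit = max_safe_days(NOT_BEFORE)
    print("largest safe -days :", limit)
    print("notAfter at limit  :", not_after_32bit(NOT_BEFORE, limit).strftime(fmt))
```

On an affected build, checking the generated file with `openssl x509 -in myCA.pem -noout -dates` before installing it shows whether `notAfter` landed before `notBefore`.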
