We are facing a strange Issue while generating SSL certificate using
Apache 2.216 + openssl 0.9.8o with command
>> openssl x509 -req -passin pass:xxxx -days 9999 -in server.csr -signkey server.key –out server.crt
the script executes with following error:
Loading 'screen' into random state - done
Signature ok
subject=/CN=vdmd-inst-test2.panacya.com
Getting Private key
3344:error:0D0AF0AD:asn1 encoding routines:ASN1_TIME_set:error getting
time:.\crypto\asn1\a_time.c:109:
3344:error:0D0AF0AD:asn1 encoding routines:ASN1_TIME_set:error getting
time:.\crypto\asn1\a_time.c:109:
and generates certificate(.crt) file with 0 kb size.
We found that the error is due to the –days 9999 option. And when we
change the value 9996 this works fine. and 9999 was working fine three
date before (03-sept-2010. it seems to be issue related to the date
range.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List opens...@openssl.org
Automated List Manager majo...@openssl.org
Well, January 1st, 2038 is approximately 9999 days from now, and that's when the Unix time_t overflows 31 bits. IIRC, both of the actual certificate representations (UTCTIME and GENERALIZEDTIME) can handle timestamps outside that range, but openssl's ASN1_TIME_set() takes a time_t.
OpenSSL 0.9.8 relies on the OS supplied time routines which can return
errors. In this case it is the year 2038 issue. If you use OpenSSL 1.0.0
or later it uses its own date calculations and it should work OK.
Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org