Song Yi wrote:
>
> Hi,
> I have looked the parameter of openssl ca command:
>
> -enddate date
> this allows the expiry date to be explicitly set. The
> format of the date is YYMMDDHHMMSSZ (the same as an ASN1
> UTCTime structure).
>
> So, can I make a never expire cert?
>
You can't. There's no provision for this in the various specifications.
You can however specify an expiry year of 2049 while still keeping to
UTCTime or 9999 for GeneralizedTime though the latter may choke many
implementations.
Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
