Re: [squid-users] SSL Bump Root Certificate Expiration

http://projects.puppetlabs.com/projects/1/wiki/SSL_in_The_Year2038

32-bit date overflow, same problem as the generic UNIX Y2038 bug.

Use 64 bit systems 8-)

George William Herbert
Sent from my iPhone

On Jan 4, 2013, at 1:10 AM, Woon Khai Swen <woonks_at_ioigroup.com> wrote:

> Found out the problem....
>
> # openssl req -new -newkey rsa:1024 -days 36500 -nodes -x509 -keyout myCA.pem -out myCA.pem
>
> # openssl x509 -in myCA.pem -outform DER -out myCA.der
>
> Installing myCA.der as root cert shows the validity date from ‎Friday, ‎4 ‎January, ‎2013 4:58:39 PM to ‎Thursday, ‎4 ‎November, ‎1976 10:30:23 AM (1976, not 2113. it can auto back date???? :O )
>
> Still figuring out why this happened, thou. Must be an openssl issue. The commands are copied directly from squid dynamic cert generation wiki.
>
> Thanks for the pointer.
>
>
>
> -----Original Message-----
> From: Will Roberts [mailto:ironwill42_at_gmail.com]
> Sent: Friday, 4 January, 2013 12:20 PM
> To: squid-users_at_squid-cache.org
> Subject: Re: [squid-users] SSL Bump Root Certificate Expiration
>
> On 01/03/2013 11:16 PM, Woon Khai Swen wrote:
>> Dear all,
>>
>> I found out the self signed ssl root cert for transparent SSL interception (SSL Bump + origin cert mimicking + dynamic cert generation) is valid only for 365 days max, no matter how many additional days specified in openssl cert generation command line.
>
> Mine's good for 100 years. I'd check your command line arguments.
>
> --Will
Received on Fri Jan 04 2013 - 10:31:47 MST