Work at SourceForge, help us to make it a better place! We have an immediate need for a Support Technician in our San Francisco or Denver office.
Is it possible within XCA to have a certificate that has an expiration date after the root or intermediate certificate expires? I've set the appropriate settings but it reverts the expiration date to that of the parent!
No. This is by design. XCA checks it and issues a warning that it modifies the expiration times.
A certificate may not live longer than the issuer. Any chain verification will fail for the certificate if the CA lifetime has expired.
If you want it anyway, feel free to modify the sources (lib/db_x509.cpp:~500) and recompile.
Actually, I'd prefer a checkbox to be added to the dialog that allows the date to be left alone if checked, if at all possible. I'll take a look at the source and see what I can do.