Adding support for the 99991231235959Z timestamp

  • Kevin

    Kevin - 2013-02-25

    Does anyone know how difficult it would be to add support for the 'never expire' timestamp of '99991231235959Z'.

    I'm using embedded certificates that never expire and need to create CA and sub-CA certificates that match.

    I'm quite keen to use EJBCA in the project, but really need to build in this change first.

  • Tomas Gustavsson

    Did you try to just set the epire date to 9999 in the certificate profile/create CA form?

    You sure you need more than say 100 years validty?


  • Kevin

    Kevin - 2013-02-25

    Hi Tomas,

    The particular devices that I am supporting are intended to be in the field for more than 25 years. As such the 'notAfter' year will exceed 2038. This really requires that I use the GeneralizedTime value of 99991231235959Z, as in RFC5280.



  • Tomas Gustavsson

    hi, that sounds pretty cool. I dont think it would be very hard. everything takes a little time though. should be easy.

  • Kevin

    Kevin - 2013-02-25

    I had a few certificates that I imported into EJBCA with the notAfter date set to 99991231235959Z. However, EJBCA displays a 2038 expiry date rather than 1/1/10000 (I should add that I'm UTC+10 here).

    Last edit: Kevin 2013-02-26
  • Tomas Gustavsson

    A bit too busy now to look into details of it, but I created an issue for it in the tracker.

    • Kevin

      Kevin - 2013-03-07

      Thanks for that Tomas, it's very much appreciated.


Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:

No, thanks