Is it possible within XCA to have a certificate that has an expiration date after the root or intermediate certificate expires? I've set the appropriate settings but it reverts the expiration date to that of the parent!
No. This is by design. XCA checks it and issues a warning that it modifies the expiration times.
A certificate may not live longer than the issuer. Any chain verification will fail for the certificate if the CA lifetime has expired.
If you want it anyway, feel free to modify the sources (lib/db_x509.cpp:~500) and recompile.
Actually, I'd prefer a checkbox to be added to the dialog that allows the date to be left alone if checked, if at all possible. I'll take a look at the source and see what I can do.
Log in to post a comment.
Sign up for the SourceForge newsletter:
You seem to have CSS turned off.
Please don't fill out this field.