diff options
author | Paul Yang <paulyang.inf@gmail.com> | 2017-07-10 01:52:33 +0800 |
---|---|---|
committer | Rich Salz <rsalz@openssl.org> | 2017-07-23 09:13:35 -0400 |
commit | 909873bda30c1d568adef767b35558ced5c86d81 (patch) | |
tree | da096b4f70226aa264868555628ad87fec5d91da /doc | |
parent | 4e9b720e90ec154c9708139e96ec0ff8e2796c82 (diff) |
Update doc/ca.pod to clarify description for dates
"Note" part is based on PR #3566
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3895)
Diffstat (limited to 'doc')
-rw-r--r-- | doc/man1/ca.pod | 16 |
1 files changed, 14 insertions, 2 deletions
diff --git a/doc/man1/ca.pod b/doc/man1/ca.pod index 4a5970892c..ab8ce7211f 100644 --- a/doc/man1/ca.pod +++ b/doc/man1/ca.pod @@ -164,12 +164,16 @@ Don't output the text form of a certificate to the output file. =item B<-startdate date> This allows the start date to be explicitly set. The format of the -date is YYMMDDHHMMSSZ (the same as an ASN1 UTCTime structure). +date is YYMMDDHHMMSSZ (the same as an ASN1 UTCTime structure), or +YYYYMMDDHHMMSSZ (the same as an ASN1 GeneralizedTime structure). In +both formats, seconds SS and timzone Z must be present. =item B<-enddate date> This allows the expiry date to be explicitly set. The format of the -date is YYMMDDHHMMSSZ (the same as an ASN1 UTCTime structure). +date is YYMMDDHHMMSSZ (the same as an ASN1 UTCTime structure), or +YYYYMMDDHHMMSSZ (the same as an ASN1 GeneralizedTime structure). In +both formats, seconds SS and timzone Z must be present. =item B<-days arg> @@ -716,6 +720,14 @@ For example if the CA certificate has: then even if a certificate is issued with CA:TRUE it will not be valid. +=head1 HISTORY + +Since OpenSSL 1.1.1, the program follows RFC5280. Specifically, +certificate validity period (specified by any of B<-startdate>, +B<-enddate> and B<-days>) will be encoded as UTCTime if the dates are +earlier than year 2049 (included), and as GeneralizedTime if the dates +are in year 2050 or later. + =head1 SEE ALSO L<req(1)>, L<spkac(1)>, L<x509(1)>, L<CA.pl(1)>, |