• Cisco Switches And TLS

    From Lawrence D’Olivei@3:633/10 to All on Wednesday, September 10, 2025 01:13:10
    From: ldo@nz.invalid

    Discovered something interesting that doesn’t seem to be documented
    anywhere.

    Was trying to import an in-house CA cert (generated with OpenSSL) I had
    set up for a client and used elsewhere, into a Cisco switch for use in
    securing its web admin interface. It kept rejecting the cert with an
    unhelpful (and unspecific) “failure” message.

    Just for fun, I tried to import a CA cert from Let’s Encrypt. That went in fine.

    Trying to narrow down what was different between the two, I noticed that
    the Let’s Encrypt CA cert was valid for 20 years, whereas I had set the
    validity on my one to 100 years.

    On further experimentation, I got as far as discovering that the switch
    would accept a 70-year validity, but not 75 years. I think the actual
    limit might be the end of this century.

    Anyway, having found a setting that would work, I left it at 70 years. ;)

    --- SoupGate-Linux v1.05
    * Origin: Dragon's Lair ---:- FidoNet<>Usenet Gateway -:--- (3:633/10)
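As an added pre-import check (not part of the post above, and not Cisco's or OpenSSL's own tooling), a small shell script that generates an in-house CA with OpenSSL at a chosen validity and refuses it before any import attempt if notAfter falls past a ceiling year. The 2099 ceiling is an assumption drawn from the 70-accepted / 75-rejected observation, not a documented device limit; the script also reports whether notAfter is encoded as UTCTime or GeneralizedTime, since RFC 5280 requires GeneralizedTime for dates from 2050 on.

```shell
#!/bin/sh
# Generate an in-house CA with OpenSSL and vet its notAfter before import.
# CEILING_YEAR is an assumption: the post saw 70 years accepted and 75
# rejected, so 2099 is a guess at the device limit, not a documented value.
CEILING_YEAR="${CEILING_YEAR:-2099}"

# make_ca DAYS PREFIX: self-signed CA written to PREFIX.key / PREFIX.crt
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days "$1" \
        -subj "/CN=Example In-House CA" \
        -keyout "$2.key" -out "$2.crt" 2>/dev/null
}

# cert_end_year FILE: four-digit year of notAfter
# ("notAfter=Sep 10 01:13:10 2095 GMT" -> 2095)
cert_end_year() {
    openssl x509 -in "$1" -noout -enddate | awk '{print $(NF-1)}'
}

# notafter_encoding FILE: UTCTIME or GENERALIZEDTIME. RFC 5280 requires
# GeneralizedTime for dates in 2050 and later; the second time value in
# the certificate's DER is notAfter (the first is notBefore).
notafter_encoding() {
    openssl x509 -in "$1" -outform DER \
        | openssl asn1parse -inform DER \
        | grep -E 'UTCTIME|GENERALIZEDTIME' | sed -n '2p' \
        | awk '{print $(NF-1)}'
}

# check_cert FILE: returns 0 if notAfter is within CEILING_YEAR, 1 if past it
check_cert() {
    year=$(cert_end_year "$1")
    enc=$(notafter_encoding "$1")
    if [ "$year" -gt "$CEILING_YEAR" ]; then
        echo "REJECT: $1 expires $year ($enc), ceiling is $CEILING_YEAR" >&2
        return 1
    fi
    echo "OK: $1 expires $year ($enc)"
}

# Demo, run as: sh thisfile.sh demo
if [ "${1:-}" = "demo" ]; then
    d=$(mktemp -d)
    make_ca 25550 "$d/ca70"; check_cert "$d/ca70.crt"   # ~70 years: accepted
    make_ca 27375 "$d/ca75"; check_cert "$d/ca75.crt"   # ~75 years: rejected
fi
```

The day counts in the demo mirror the post's 70- and 75-year experiments; set CEILING_YEAR in the environment if a particular device turns out to have a different limit.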