Uploaded image for project: 'EJBCA'
  1. EJBCA
  2. ECA-9523

EJBCA's validity definition does not align with the one from RFC5280 and baseline requirements

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: EJBCA 7.4.3
    • Component/s: None
    • Labels:

      Description

      Since version 1.7.1 of the baseline requirements for publicly trusted certificates, the validity of a certificate is defined as in section 4.1.2.5 of RFC5280. i.e. the period of time from notBefore through notAfter, inclusive.
      However, EJBCA calculates the notAfter of a certificate as notBefore + validity, which results in certificates having a validity period that is one second longer than the requested validity or the validity configured in the certificate profile, according to the BRs.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              samuel Samuel Lidén Borell
              Reporter:
              rubinaa Rubina Akram
              Verified by:
              Henrik Sunmark
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:

                  Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0 minutes
                  0m
                  Logged:
                  Time Spent - 2 days
                  2d