Description
As far as I know, there are two TIME implementations in certificates for Not After and Not Before:
- UTCTIME
- GENERALIZEDTIME
- some client libraries cannot handle them well

e.g.:
```
UTCTIME :430507144724Z # (YYmmddHHMMSS+Zulu)
GENERALIZEDTIME :21171216005944Z # (YYYYmmddHHMMSS+Zulu)
```
To test it:
```
openssl asn1parse -in cert.pem | grep TIME
```
If a certificate is created with GENERALIZEDTIME, libraries that understand it convert it to the same Not After / Not Before time format as UTCTIME and hide what is in the background.
If another library (which does not understand it) tries to connect to/with it, it will not work, but it seems like everything is correct.
E.g. after replacing a certificate, if the old and the new one have different TIME implementations, you just realize that some clients are not working, but in the background (if you are not an expert) you wouldn't know what has changed since that time.
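
A check for the situation described in this issue, as an added example (not code from the issue or the project): it reads the ASN.1 tag of notBefore/notAfter straight from the DER bytes rather than from a library's normalised dates. The sample input is a constructed skeleton, and the `rfc5280_ok` flag applies the RFC 5280 rule (UTCTime through 2049, GeneralizedTime from 2050), which the issue itself does not mention.

```python
from datetime import datetime

TIME_TAGS = {0x17: "UTCTIME", 0x18: "GENERALIZEDTIME"}

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def children(buf):
    """Return [(tag, value_bytes)] for the elements packed in buf."""
    out, pos = [], 0
    while pos < len(buf):
        tag, start, end = read_tlv(buf, pos)
        out.append((tag, buf[start:end]))
        pos = end
    return out

def validity_encodings(cert_der):
    """Return [(field, asn1_type, datetime, rfc5280_ok)] for a DER certificate."""
    tbs = children(children(cert_der)[0][1])[0][1]  # Certificate -> tbsCertificate
    fields = children(tbs)
    if fields[0][0] == 0xA0:  # skip the optional [0] version
        fields = fields[1:]
    result = []  # remaining order: serial, signature, issuer, validity, ...
    for name, (tag, raw) in zip(("notBefore", "notAfter"), children(fields[3][1])):
        if tag not in TIME_TAGS:
            raise ValueError(f"{name}: unexpected tag 0x{tag:02x}")
        text = raw.decode("ascii")
        if tag == 0x17:  # RFC 5280: YY 50-99 means 19YY, 00-49 means 20YY
            text = ("19" if int(text[:2]) >= 50 else "20") + text
        when = datetime.strptime(text, "%Y%m%d%H%M%SZ")
        # RFC 5280: UTCTime through 2049, GeneralizedTime from 2050 onwards
        result.append((name, TIME_TAGS[tag], when, (tag == 0x17) == (when.year < 2050)))
    return result

def der(tag, body=b""):  # sample builder: short-form lengths only
    assert len(body) < 0x80
    return bytes([tag, len(body)]) + body

# Constructed skeleton with a certificate's field layout (not a real, signed
# certificate); the two time strings are the ones quoted in the issue.
SAMPLE = der(0x30, der(0x30, der(0xA0, der(0x02, b"\x02")) + der(0x02, b"\x01")
    + der(0x30) + der(0x30) + der(0x30, der(0x17, b"430507144724Z")
    + der(0x18, b"21171216005944Z")) + der(0x30)))
```

For a real PEM file, convert it first with the standard library: `validity_encodings(ssl.PEM_cert_to_DER_cert(open("cert.pem").read()))`.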