Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Duane_Toler
Advisor

Internal_CA expiring at UNIX Epoch

Check Point ICA still uses 32-bit time.  New CMAs and SmartCenters are expiring at the UNIX epoch.  This has been a hard-coded thing since the hotfix/patch back in 2018.

sk122874 and sk122612

 

# cpopenssl pkcs12 -in $FWDIR/conf/InternalCA.p12 -nokeys -nomacver -passin pass: 2>/dev/null | cpopenssl x509 -noout -enddate

notAfter=Jan 19 03:14:07 2038 GMT

 

Is work being done to move to 64-bit time soon?  2038 is not that far away... 

0 Kudos
2 Replies
PhoneBoy
Admin
Admin

While I suspect we will ultimately have to change this, this will most likely not be a backward compatible change.
Which most likely means it will require upgrading to specific releases that support it (when we ultimately introduce it).

I suspect a lot of other things Unix-based will also break around the end of the Epoch.

0 Kudos
Václav_Brožík
Collaborator

I thinks this comes from limitations in openssl:

https://github.com/openssl/openssl/issues/16401

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events