PKI operators anyone?

Joel Jaeggli joelja at
Thu Sep 6 07:36:12 UTC 2007

bmanning at wrote:
>>> I dont see verisign roots expiring every five years.
>> I believe that they're on 30 years or so for the root CA
>> certificates, and shorter periods for the intermediates.
>> /John
> 	it was explained to me that the expiry date is after 2038

The verisign root CA public certs I have in my keyring that expire more
than 10 years from now expire either 08/01/2028 or 07/16/2036 which is
well before 03:14:07 UTC jan 19 2038.

Since my arch uses a signed 64bit int for time_t I'm assuming
calculations beyond that magic number won't be an issue for validating
the contents of my keyring.

> --bill

More information about the NANOG mailing list