Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8238452

Keytool generates wrong expiration date if validity is set to 2050/01/01

    Details

    • Subcomponent:
    • Resolved In Build:
      b12
    • Verification:
      Verified

      Backports

        Description

        Keytool has an option that user can give the validity number of days for the
        generated certificate. With configuring validity so that the expire date is
        between 2050/01/01 00:00 and 2050/01/01 07:59 (UTC), the expire date in the
        certificate comes to 1950/01/01.

        Steps to reproduce :

        1. Create certificate
        $ keytool -genkey -alias test -keyalg RSA -keysize 512 -keypass changeit
        -validity 10924 -storetype JKS -keystore mykeystore -storepass changeit
        -dname 'cn=xxx.yyyy.zzz, ou=Vvv, o=Www, c=JP'

        10924 is the days from 2020/02/04 10:00 to 2050/01/01 10:00. The value needs
        to be changed in line with the day and timezone.

        2. Check certificate
        $ keytool -list -v -storepass changeit -keystore mykeystore

        In generated certificate 'valid from' field will contain the wrong value.

        Expected Value :
          Valid from: Tue Feb 04 10:05:50 JST 2020 until: Sun Jan 01 10:05:50 JST 2050
        Actual Value :
          Valid from: Tue Feb 04 10:05:50 JST 2020 until: Sun Jan 01 10:05:50 JST 1950

          Attachments

            Issue Links

              Activity

                People

                • Assignee:
                  rreddy Ravi Reddy
                  Reporter:
                  shadowbug Shadow Bug
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  8 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved: