I’m working on a Qt lib, based on OpenSSL (QCA - QtCryptographicArchitecture), actually I’m joining the last dev on it.
The lib was written in 2001, and there are some unit tests using many x509 certificates and combination of them (Good CA, Bad CA, Bad Chain, End cert with deleted CA, Revoked, Revoked, Trusted CA, not trusted CA, and many more), and actually ONE of the tests needs 57 certificates and CRLs… And as you all can imagine, they’re all expired since 2011.
I’m the the primary dev, I don’t have the mysterious script which would generate all these cert, is there a way to expand the validity of existing certificates?
Obviously, I don’t care if they become unstrusted, I have CAs and signed cert by these CAs, so the tests will handle that part.
Thanks for your help.
No, unfortunately for you, you can't change the validity date of a certificate. Actually you can't change anything since a certificate is signed. Changing one bit will make the validation of the certificate signature fail.
I strongly encourage you to look at the NIST X.509 path validation test vectors which are kept up to date in order to replace your old tests.