000025514 - RSA Authenticator Utility does not import digital certificate which has an expiration date of 2/3/2106

Document created by RSA Customer Support Employee on Jun 16, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000025514
Applies ToRSA Authenticator Utility (RAU) 1.0
Microsoft Windows XP Professional SP2
RSA SecurID SID800 Authenticator
RSA BSAFE Cert-C
IssueRSA Authenticator Utility does not import digital certificate which has an expiration date of 2/3/2106
CauseThe problem is with RSA BSAFE Cert-C and the certificate having an expiration date of the year 2105. Cert-C uses UINT4 (unsigned 4 byte integer) types to store date and time values represented as seconds since January 1, 1970 00:00 UTC. The valid input range is from 0 which yields January 1, 1970 00:00 UTC to 4294967295 which yields February 6, 2106 06:28:15 UTC.

Many of the standards implemented by Cert-C specify that GeneralizedTime can be used, which allows for dates beyond those that are able to be stored in a UINT4. Thus, Cert-C suffers from the Year 2106 problem by design.

Another issue is that, when ASN.1 parsing certificates, Cert-C currently does not allow full use of the possible date and time range. There is a Year 2099 limit hard-coded.
ResolutionRSA Security hopes to resolve this issue in a future update to RSA BSAFE Cert-C that will then be used for future version of RSA Authenticator Utility (RAU) and other RSA products. So until then, the digital certificate cannot have an expiration date beyond 2099.
Legacy Article IDa29167

Attachments

    Outcomes