From: ldo@nz.invalid   
      
   Discovered something interesting that doesn’t seem to be documented   
   anywhere.   
      
   Was trying to import an in-house CA cert (generated with OpenSSL) I had   
   set up for a client and used elsewhere, into a Cisco switch for use in   
   securing its web admin interface. It kept rejecting the cert with an   
   unhelpful (and unspecific) “failure” message.   
      
   Just for fun, I tried to import a CA cert from Let’s Encrypt. That went in   
   fine.   
      
   Trying to narrow down what was different between the two, I noticed that   
   the Let’s Encrypt CA cert was valid for 20 years, whereas I had set the   
   validity on my one to 100 years.   
      
   On further experimentation, I got as far as discovering that the switch   
   would accept a 70-year validity, but not 75 years. I think the actual   
   limit might be the end of this century.   
      
   Anyway, having found a setting that would work, I left it at 70 years. ;)   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)