> This is important when creating root certs with expiry dates after 2038 Not an issue for openssl. As long as you use ASN1_TIME values, it's okay. Might be an issue if converting to time_t on 32-bit platforms.