On Tue, 2005-08-23 at 20:24 +0200, Paul Wouters wrote: > It's a limitation of X.509. What "limitation"? Using openssl, the start date defaults to 'now', but that can easily be overriden with -startdate. Maybe there are other certificate generation systems that don't allow that?