DaylightSaving problem with NotBefore and NotAfter in X509Certificate2

  • Question

  • I've found a problem with these two (NotBefore and NotAfter) properties. When I looked at them in the certificate information window (double-click on the .cer file in Windows), the values there and the values obtained by loading the certificate into a .NET X509Certificate2 object were different if NotBefore was in a different daylight saving period than the current time. Got me? Has anyone else noticed this? I have Windows 7 and .NET Framework 4.0.
    • Edited by GregorM Monday, May 21, 2012 12:20 PM
    Monday, May 21, 2012 8:01 AM

All replies

  • Hi Gregorm,

    Welcome to the MSDN Forum.

    I have tested a certificate with this code:

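        Imports System.Security.Cryptography.X509Certificates

        ' Print the validity period of the certificate at cerPath.
        ' NotBefore and NotAfter are returned as local time.
        Sub ReadCerProperty(cerPath As String)
            Dim cer As X509Certificate2 = New X509Certificate2(cerPath)
            Console.WriteLine(cer.NotBefore)
            Console.WriteLine(cer.NotAfter)
        End Sub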

    It gets exactly the same date and time as the ones in certificate manager (certmgr.msc).

    How is the date different in your case?

    Best regards,


    Mike Feng
    MSDN Community Support | Feedback to us
    Please remember to mark the replies as answers if they help and unmark them if they provide no help.

    Tuesday, May 22, 2012 5:41 AM
    Moderator
  • Hi Mike, thanks for the reply.

    What was the datetime of your test certificate? To see the difference, it's important that the datetime of the certificate is in a different daylight saving period than the current time.

    I've noticed the problem when, let's say, NotBefore was 12.2.2009 11:59, then in certificate manager it is this time, through .NET it is 12.2.2009 11:59.

    Data from .NET application

    Data that I get in .NET application

    Data from certificate manager(certmgr.msc)

    Data that is displayed in certificate manager


    • Edited by GregorM Tuesday, May 22, 2012 6:06 AM
    Tuesday, May 22, 2012 6:03 AM
  • Hi GregorM,

    Do you see both results on the same computer?

    Please take a look at this documentation: http://msdn.microsoft.com/en-us/library/windows/apps/hh464944.aspx 

    Validity

    Specifies the time interval during which the certificate is valid. Dates through the end of 2049 use the Coordinated Universal Time (Greenwich Mean Time) format (yymmddhhmmssz). Dates beginning with January 1st, 2050 use the generalized time format (yyyymmddhhmmssz).

    Since the certificate stores Greenwich Mean Time, the date will be adjusted to the local time zone. When the zones are different between the two computers, it is normal.

    Best regards,


    Mike Feng

    Tuesday, May 22, 2012 6:24 AM
    Moderator
  • Yes on the same computer so the same timezone ... I have tried changing the timezone, and if the timezone is UTC then the dates are equal, but if there is a timezone with daylightsaving, the dates differ.

    If UTC timezone, the datetimes is the same

    Tuesday, May 22, 2012 6:33 AM
  • Hi GregorM,

    I still cannot reproduce your scenario.

    Where is your test code? In a whole new project, or in an existing project you have finished?

    Best regards,


    Mike Feng

    Tuesday, May 22, 2012 7:27 AM
    Moderator
  • The current code is in an existing project. I'll prepare a test project, with certificate, and attach it here.

    Thank you for your help.

    Tuesday, May 22, 2012 7:34 AM
  • Hi GregorM,

    You are welcome.

    If you can get the same date and time value, it means the timezone of your existing project is changed.

    I look forward to hearing from you.

    Best regards,


    Mike Feng

    Tuesday, May 22, 2012 7:37 AM
    Moderator
  • So, as I said ... here is my test case

    In this case the problem is just with the NotAfter datetime, because it's in a different daylight saving time.

    Here is the test project file.

    .


    • Edited by GregorM Tuesday, May 22, 2012 9:27 AM
    Tuesday, May 22, 2012 8:54 AM
  • Hi GregorM,

    There is no direct way to this forum. But you can try to upload it on skydrive and post the download link here.

    If it is possible, upload your certificate, too.

    Thank you.

    Best regards,


    Mike Feng

    Tuesday, May 22, 2012 9:28 AM
    Moderator
  • I've uploaded it to sendspace.com ... here.

    The certificate is in "CertValidityDateTest\CertValidityDateTest\bin\Debug" directory.


    • Edited by GregorM Tuesday, May 22, 2012 9:41 AM
    Tuesday, May 22, 2012 9:34 AM
  • Hi GregorM,

    I still get the same date and time value.

    I think it is time to involve someone else here, but it will take a little time, thank you for your patience.

    Best regards,


    Mike Feng

    Tuesday, May 22, 2012 9:53 AM
    Moderator
  • What if you change your timezone to, let's say, GMT+1? That is the timezone I am testing in ...
    Tuesday, May 22, 2012 9:57 AM
  • You should set a timezone which observes daylight saving.

    Tuesday, May 22, 2012 10:17 AM
  • Hi GregorM,

    This seems a little clearer.

    The .NET class X509Certificate2 returns the right value. I always tested in the time zone ((UTC+08:00) Beijing, Chongqing, Hong Kong, Urumqi), and there is no such custom here, so there is no such setting and I always get the same result.

    Now that I have tested more, I found this is related to the time zone and daylight saving time. So this is a question about DateTime rather than X509Certificate2.

    Test time zone: (UTC+01:00) Belgrade, Bratislava, Budapest, Ljubljana, Prague, without daylight saving time.

    In this case, the local time is Monday, December 31, 2012 4:15:03 PM in cert manager, so the UTC time is 12/31/2012 3:15:03 PM, and the local time shows in your form. And the cert manager time is Monday, December 31, 2012 4:15:03 PM.

    Now check the daylight saving time:

    The times shown in the form don't change. And the time in cert manager is Monday, December 31, 2012 5:15:03 PM. This time has had an hour of daylight saving time added. But the rule isn't applied to the time in the form:

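            // Requires: using System; using System.Security.Cryptography.X509Certificates;
            private void btnLoad_Click(object sender, EventArgs e)
            {
                X509Certificate2 cert = new X509Certificate2("testcert.cer");
                DateTime cerTime = cert.NotAfter;
                // Validity dates exactly as the properties return them
                txtNotBefore.Text = cert.NotBefore.ToString();
                txtNotAfter.Text = cert.NotAfter.ToString();
                // NotAfter passed through ToLocalTime()
                textBox1.Text = cerTime.ToLocalTime().ToString();
                // Does NotAfter fall within daylight saving time?
                Console.WriteLine(cerTime.IsDaylightSavingTime());
            }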

    And here are more about this:

    http://msdn.microsoft.com/en-us/library/system.datetime.aspx 

    DateTime Values

    Descriptions of time values in the DateTime type are often expressed using the Coordinated Universal Time (UTC) standard, which is the internationally recognized name for Greenwich Mean Time (GMT). Coordinated Universal Time is the time as measured at zero degrees longitude, the UTC origin point. Daylight saving time is not applicable to UTC.

    Local time is relative to a particular time zone. A time zone is associated with a time zone offset, which is the displacement of the time zone measured in hours from the UTC origin point. In addition, local time is optionally affected by daylight saving time, which adds or subtracts an hour from the length of a day. Consequently, local time is calculated by adding the time zone offset to UTC and adjusting for daylight saving time if necessary. The time zone offset at the UTC origin point is zero.

    UTC time is suitable for calculations, comparisons, and storing dates and time in files. Local time is appropriate for display in user interfaces of desktop applications. Time zone-aware applications (such as many Web applications) also need to work with a number of other time zones.

    If the Kind property of a DateTime object is DateTimeKind.Unspecified, it is unspecified whether the time represented is local time, UTC time, or a time in some other time zone.

    Best regards,


    Mike Feng

    Tuesday, May 22, 2012 12:26 PM
    Moderator
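
The two values reported in this thread (4:15:03 PM in the .NET form, 5:15:03 PM in the certificate dialog) can be reproduced with two local-time conventions. This is an added example, not code from any poster or from Microsoft: the time-zone rule is constructed inline, the helper names are hypothetical, and it assumes the certificate dialog converts with the offset in effect today, as Win32 FileTimeToLocalFileTime is documented to do.

```csharp
using System;

static class CertValidityDisplay
{
    // Constructed stand-in for "(UTC+01:00) Belgrade, Bratislava, Budapest, Ljubljana, Prague":
    // base offset +1h, DST +1h from last Sunday of March 02:00 to last Sunday of October 03:00.
    static TimeZoneInfo CentralEurope()
    {
        var start = TimeZoneInfo.TransitionTime.CreateFloatingDateRule(
            new DateTime(1, 1, 1, 2, 0, 0), 3, 5, DayOfWeek.Sunday);
        var end = TimeZoneInfo.TransitionTime.CreateFloatingDateRule(
            new DateTime(1, 1, 1, 3, 0, 0), 10, 5, DayOfWeek.Sunday);
        var rule = TimeZoneInfo.AdjustmentRule.CreateAdjustmentRule(
            DateTime.MinValue.Date, DateTime.MaxValue.Date, TimeSpan.FromHours(1), start, end);
        return TimeZoneInfo.CreateCustomTimeZone("CE-constructed", TimeSpan.FromHours(1),
            "CE (constructed)", "CE standard", "CE daylight", new[] { rule });
    }

    // Convention 1: use the offset that applies on the date being converted
    // (what DateTime.ToLocalTime does for the machine's own zone).
    static DateTime DateAwareLocal(DateTime utc, TimeZoneInfo tz) =>
        TimeZoneInfo.ConvertTimeFromUtc(utc, tz);

    // Convention 2 (assumed for the certificate dialog): reuse the offset in
    // effect "now" for every date, whatever season that date falls in.
    static DateTime CurrentOffsetLocal(DateTime utc, DateTime nowUtc, TimeZoneInfo tz) =>
        DateTime.SpecifyKind(utc + tz.GetUtcOffset(nowUtc), DateTimeKind.Unspecified);

    // The validity decision itself is made in UTC and never touches local time.
    static bool IsWithinValidity(DateTime notBeforeUtc, DateTime notAfterUtc, DateTime nowUtc) =>
        notBeforeUtc <= nowUtc && nowUtc <= notAfterUtc;

    static void Main()
    {
        var tz = CentralEurope();
        var notBeforeUtc = new DateTime(2012, 1, 1, 0, 0, 0, DateTimeKind.Utc);    // constructed
        var notAfterUtc = new DateTime(2012, 12, 31, 15, 15, 3, DateTimeKind.Utc); // UTC value from the thread
        var nowUtc = new DateTime(2012, 5, 22, 10, 0, 0, DateTimeKind.Utc);        // a summer "today" (constructed)

        Console.WriteLine("UTC (as stored):      {0:u}", notAfterUtc);
        Console.WriteLine("Date-aware local:     {0:G}", DateAwareLocal(notAfterUtc, tz));
        Console.WriteLine("Current-offset local: {0:G}", CurrentOffsetLocal(notAfterUtc, nowUtc, tz));
        Console.WriteLine("Valid now (UTC test): {0}", IsWithinValidity(notBeforeUtc, notAfterUtc, nowUtc));
    }
}
```

Both local renderings describe the same instant, so expiry checks, logs and alerts are best driven by `NotAfter.ToUniversalTime()`, with local conversion reserved for display.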
  • Well, thanks for the detailed explanation, but I still don't get it ... it's written that "Consequently, local time is calculated by adding the time zone offset to UTC and adjusting for daylight saving time if necessary." But why doesn't cert.NotAfter show true local time, because it should, or am I mistaken?

    http://msdn.microsoft.com/en-us/library/system.security.cryptography.x509certificates.x509certificate2.notafter.aspx

    X509Certificate2.NotAfter Property

    Gets the date in local time after which a certificate is no longer valid.

    • Edited by GregorM Tuesday, May 22, 2012 12:55 PM
    Tuesday, May 22, 2012 12:52 PM
  • So, you are saying that in your opinion everything is ok?

    But why the difference then?

    What solution do you recommend?

    Wednesday, May 23, 2012 5:17 AM
  • Well, thanks for the detailed explanation, but I still don't get it ... it's written that "Consequently, local time is calculated by adding the time zone offset to UTC and adjusting for daylight saving time if necessary." But why doesn't cert.NotAfter show true local time, because it should, or am I mistaken?

    http://msdn.microsoft.com/en-us/library/system.security.cryptography.x509certificates.x509certificate2.notafter.aspx

    X509Certificate2.NotAfter Property

    Gets the date in local time after which a certificate is no longer valid.

    Hi GregorM,

    I have looked at your response. 

    You have highlighted "if necessary"; yes, I agree with it. But who needs it, and when it is necessary, I am not sure.

    And this point: "Gets the date in local time after which a certificate is no longer valid." So I agree with you. But it seems that the daylight saving time option isn't applied to the local time. There should also be better explanations. And sorry, I am not sure about this either.

    I have tried to involve some other one in this thread, so please wait a moment. Thank you for your patience.

    Best regards,


    Mike Feng

    Wednesday, May 23, 2012 5:46 AM
    Moderator
  • Has anyone else responded to you yet about this issue, maybe?
    Friday, May 25, 2012 10:23 AM
  • Hello ... I started this discussion because a customer complained that my application shows different datetime than cert manager. I need to make some change to my application, but first just want to be clear why there is the difference ...
    Monday, June 4, 2012 12:13 PM
  • Hi,

    If you have a simple project which always reproduces your issue, please check and post your issue to http://connect.microsoft.com/; the related team will check it.

    Also, you could visit the link below to see the various paid support options that are available to better meet your needs if you require a more in-depth level of support.

    http://support.microsoft.com/default.aspx?id=fh;en-us;offerprophone 
     
     
    Regards

    Tuesday, July 3, 2012 7:28 AM