/// <summary>
/// Encodes one certificate validity date (notBefore or notAfter) as a DER time value,
/// picking the time type from the UTC year of <paramref name="validityField"/>.
/// </summary>
/// <param name="validityField">The date to encode; only its UTC representation is used.</param>
/// <param name="propertyName">Reported as the parameter name when the date is rejected.</param>
/// <returns>
/// The result of <c>DerEncoder.SegmentedEncodeUtcTime</c> for UTC years 1950 through 2049,
/// otherwise the result of <c>DerEncoder.SegmentedEncodeGeneralizedTime</c>.
/// </returns>
/// <exception cref="ArgumentOutOfRangeException">The UTC year is earlier than 1950.</exception>
private static byte[][] EncodeValidityField(DateTimeOffset validityField, string propertyName)
{
    // Reference: https://tools.ietf.org/html/rfc3280#section-4.1.2.5 (Validity).
    // RFC 3280 has since been obsoleted by RFC 5280, whose section 4.1.2.5 keeps the same rule.
    //
    // The validity period is a SEQUENCE of two dates, notBefore and notAfter, and the
    // period runs from notBefore through notAfter inclusive. Conforming CAs MUST encode
    // dates through the year 2049 as UTCTime and dates in 2050 or later as GeneralizedTime.
    //
    // The year is tested on the UTC value, so an input carrying a non-zero offset near a
    // year boundary is classified by its UTC year, not by its local year.
    DateTime instantUtc = validityField.UtcDateTime;
    int utcYear = instantUtc.Year;

    // 2050 and later: GeneralizedTime is the only permitted form.
    if (utcYear >= 2050)
    {
        return DerEncoder.SegmentedEncodeGeneralizedTime(instantUtc);
    }

    // 1950 through 2049: the choice is effectively a DER rule (two encoders must produce
    // identical bytes), so GeneralizedTime is not offered as an alternative in this range.
    if (utcYear >= 1950)
    {
        return DerEncoder.SegmentedEncodeUtcTime(instantUtc);
    }

    // GeneralizedTime could represent earlier dates, but certificates dated before 1950
    // are deliberately rejected rather than encoded.
    throw new ArgumentOutOfRangeException(
        propertyName,
        instantUtc,
        SR.GetString(SR.Cryptography_CertReq_DateTooOld));
}