CAs conforming to this profile MUST always encode certificate
validity dates through the year 2049 as UTCTime; certificate validity
dates in 2050 or later MUST be encoded as GeneralizedTime.
Conforming applications MUST be able to process validity dates that
are encoded in either UTCTime or GeneralizedTime.
See more details https://github.com/PeculiarVentures/x509/issues/36
Current implementation uses
utcTime
always. It's wrong.RFC5280 Validity 4.1.2.5