diff --git a/platform/src/key_keeper.cpp b/platform/src/key_keeper.cpp
index d38275f..078d9c6 100644
--- a/platform/src/key_keeper.cpp
+++ b/platform/src/key_keeper.cpp
@@ -337,7 +337,8 @@ static long keyring_local_cache_query_cb(void * data, const uchar * key, uint si
 static struct keyring_private* generate_x509_keyring(X509* origin_cert, X509* ca, EVP_PKEY* cakey)
 {
 //TODO: could be optimized to save cpu.
-EVP_PKEY* forge_key = ssl_key_genrsa(1024);
+
+EVP_PKEY* forge_key = ssl_key_genrsa(2048);
 X509* forge_cert = ssl_x509_forge(ca, cakey, origin_cert, forge_key, NULL, NULL);
 STACK_OF(X509)* chain = sk_X509_new_null();
 sk_X509_push(chain, ca);
diff --git a/platform/src/ssl_utils.cpp b/platform/src/ssl_utils.cpp
index 90c1208..1831923 100644
--- a/platform/src/ssl_utils.cpp
+++ b/platform/src/ssl_utils.cpp
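Review bot: The key returned by `ssl_key_genrsa(2048)` on the added line is passed straight into ssl_x509_forge with no NULL check, so a failed key generation (entropy or allocation) propagates as a NULL EVP_PKEY instead of an error from generate_x509_keyring; add `if (!forge_key) return NULL;` right after it, or whatever failure path the rest of the function uses — the function continues past the hunk. Moving from 1024 to 2048 bits is the right call, but it makes the per-forge RSA generation that the TODO already flags considerably more expensive; the forged leaf key does not have to differ per origin certificate, so generating it once and reusing it across forges would resolve that TODO. The stray blank line added before the declaration can be dropped.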
@@ -616,6 +616,42 @@ int ssl_x509_serial_copyrand(X509 * dstcrt, X509 * srccrt)
 return 0;
 }
 
+
+
+static time_t ASN1_GetTimeT(ASN1_TIME* time){
+struct tm t;
+const char* str = (const char*) time->data;
+size_t i = 0;
+
+memset(&t, 0, sizeof(t));
+
+if (time->type == V_ASN1_UTCTIME) {/* two digit year */
+t.tm_year = (str[i++] - '0') * 10;
+t.tm_year += (str[i++] - '0');
+if (t.tm_year < 70)
+t.tm_year += 100;
+} else if (time->type == V_ASN1_GENERALIZEDTIME) {/* four digit year */
+t.tm_year = (str[i++] - '0') * 1000;
+t.tm_year+= (str[i++] - '0') * 100;
+t.tm_year+= (str[i++] - '0') * 10;
+t.tm_year+= (str[i++] - '0');
+t.tm_year -= 1900;
+}
+t.tm_mon = (str[i++] - '0') * 10;
+t.tm_mon += (str[i++] - '0') - 1; // -1 since January is 0 not 1.
+t.tm_mday = (str[i++] - '0') * 10;
+t.tm_mday+= (str[i++] - '0');
+t.tm_hour = (str[i++] - '0') * 10;
+t.tm_hour+= (str[i++] - '0');
+t.tm_min = (str[i++] - '0') * 10;
+t.tm_min += (str[i++] - '0');
+t.tm_sec = (str[i++] - '0') * 10;
+t.tm_sec += (str[i++] - '0');
+
+/* Note: we did not adjust the time based on time zone information */
+return mktime(&t);
+}
+
 /*
 * Create a fake X509v3 cert, signed by the provided CA,
 * based on the original cert retrieved from the real server.
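Review bot: ASN1_GetTimeT reads up to 14 digits from `time->data` without ever consulting `time->length` and without rejecting a type that is neither V_ASN1_UTCTIME nor V_ASN1_GENERALIZEDTIME; the string comes from the origin server's certificate (the next hunk applies it to origcrt's validity fields), so a short or malformed field is an out-of-bounds read, and an unknown type silently parses the year digits as month and day. The value is also built with `mktime()`, which interprets the fields in the process's local zone (tm_isdst left 0 by the memset) while the encoded times are UTC, so the forged validity window shifts by the host's UTC offset — the trailing comment notes this but nothing compensates for it — and the `< 70` century pivot differs from the 50 that RFC 5280 and OpenSSL use. Validate type and length up front and return a sentinel the caller can test, convert as UTC (`timegm()` on glibc/BSD, `_mkgmtime()` on Windows) or, on OpenSSL 1.1.1+, drop the hand parser for `ASN1_TIME_to_tm()`; better still, the caller can copy the ASN1_TIME objects directly and this helper becomes unnecessary. The guard below replaces the top of the function; the digit extraction in between is unchanged.

```cpp
static time_t ASN1_GetTimeT(ASN1_TIME* time){
	struct tm t;
	const char* str;
	size_t i = 0;
	int need;

	if (!time || !time->data)
		return (time_t)-1;
	if (time->type == V_ASN1_UTCTIME)
		need = 12;                   /* YYMMDDHHMMSS[Z] */
	else if (time->type == V_ASN1_GENERALIZEDTIME)
		need = 14;                   /* YYYYMMDDHHMMSS[Z] */
	else
		return (time_t)-1;
	if (time->length < need)
		return (time_t)-1;
	str = (const char*) time->data;
	for (int k = 0; k < need; k++)
		if (str[k] < '0' || str[k] > '9')
			return (time_t)-1;

	memset(&t, 0, sizeof(t));
	/* … unchanged: year/month/day/hour/min/sec digit extraction … */
	/* encoded time is UTC; mktime() would apply the local zone */
	return timegm(&t);
}
```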
@@ -645,11 +681,13 @@ X509 * ssl_x509_forge(X509 * cacrt, EVP_PKEY * cakey, X509 * origcrt, EVP_PKEY *
 !X509_set_subject_name(crt, subject) ||
 !X509_set_issuer_name(crt, issuer) ||
 ssl_x509_serial_copyrand(crt, origcrt) == -1 ||
-!X509_gmtime_adj(X509_get_notBefore(crt), (long) -60 * 60 * 24) ||
-!X509_gmtime_adj(X509_get_notAfter(crt), (long) 60 * 60 * 24 * 364) ||
+//!X509_gmtime_adj(X509_get_notBefore(crt), (long) -60 * 60 * 24) ||
+//!X509_gmtime_adj(X509_get_notAfter(crt), (long) 60 * 60 * 24 * 364) ||
 !X509_set_pubkey(crt, key))
 goto errout;
 
+ASN1_TIME_set(X509_get_notBefore(crt), ASN1_GetTimeT(X509_get_notBefore(origcrt)));
+ASN1_TIME_set(X509_get_notAfter(crt), ASN1_GetTimeT(X509_get_notAfter(origcrt)));
 /* add standard v3 extensions; cf. RFC 2459 */
 X509V3_CTX ctx;
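Review bot: The two `ASN1_TIME_set()` calls added after `goto errout` ignore their return value (NULL on allocation failure) and sit outside the `||` chain, so the forge no longer fails when the validity dates cannot be set — and when ASN1_GetTimeT cannot parse the origin's field and mktime() yields `(time_t)-1`, the forged certificate silently gets a 1969 validity. Since the intent is to mirror origcrt's validity period, no parsing is needed: OpenSSL copies the ASN1_TIME as-is, so replace the two commented-out gmtime_adj lines with `!X509_set_notBefore(crt, X509_get_notBefore(origcrt)) ||` and `!X509_set_notAfter(crt, X509_get_notAfter(origcrt)) ||` inside the existing chain and drop the two ASN1_TIME_set lines. That keeps the errout path, sidesteps the local-time-zone shift that mktime() introduces in the helper, and uses a name present in the 1.0 API and aliased to X509_set1_notBefore in 1.1.0+. The commented-out X509_gmtime_adj lines should be deleted rather than left in. ssl_x509_forge begins and ends outside this hunk.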