diff --git a/libretroshare/src/pqi/authssl.cc b/libretroshare/src/pqi/authssl.cc
index 3365a6312..3706b4078 100644
--- a/libretroshare/src/pqi/authssl.cc
+++ b/libretroshare/src/pqi/authssl.cc
@@ -30,6 +30,7 @@
 #include "pqinetwork.h"
 #include "authgpg.h"
 #include "rsitems/rsconfigitems.h"
+#include "util/rsdebug.h"
 #include "util/rsdir.h"
 #include "util/rsstring.h"
 #include "pgp/pgpkeyutil.h"
@@ -804,10 +805,18 @@ X509 *AuthSSLimpl::SignX509ReqWithGPG(X509_REQ *req, long /*days*/)
 }
 X509_NAME_free(issuer_name);
- // NEW code, set validity time between null and null
- // (does not leak the key creation date to the outside anymore. for more privacy)
- ASN1_TIME_set(X509_get_notBefore(x509), 0);
- ASN1_TIME_set(X509_get_notAfter(x509), 0);
+ // NEW code, set validity time between 2010 and 2110 (remember to change it when, if OpenSSL check it by default. ;) )
+ // (does not leak the key creation date to the outside anymore. for more privacy)
+ if (!ASN1_TIME_set_string(X509_getm_notBefore(x509), "20100101000000Z"))
+ {
+ RsErr() << __PRETTY_FUNCTION__ << " Set notBefore FAIL" << std::endl;
+ return NULL;
+ }
+ if (!ASN1_TIME_set_string(X509_getm_notAfter(x509), "21100101000000Z"))
+ {
+ RsErr() << __PRETTY_FUNCTION__ << " Set notAfter FAIL" << std::endl;
+ return NULL;
+ }
 if (!X509_set_subject_name(x509, X509_REQ_get_subject_name(req)))
 {
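Review bot: The two new `return NULL;` branches in the second hunk exit without releasing `x509`, which appears to be allocated earlier in SignX509ReqWithGPG, outside the hunk; if so, each failure leaks the certificate, and `X509_free(x509);` should precede each return. Separately, `ASN1_TIME_set_string` keeps the string in the form it is given, so the 2010 notBefore would be stored as GeneralizedTime, whereas RFC 5280 expects UTCTime for dates before 2050, and a strict peer or tool may reject that encoding. If the minimum supported OpenSSL allows it, `ASN1_TIME_set_string_X509(X509_getm_notBefore(x509), "20100101000000Z")` normalises the encoding. The comment could also say outright that every certificate shares this fixed window, so the validity dates carry no expiry meaning, e.g. `// Fixed 2010-2110 validity for all certs: hides key creation date; validity is not an expiry control here`. The function body starts and ends outside the hunk.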