ASN1 (ITU-T X.680) allows many types of encodings for Generalized times however for both certificates and ocsp responses the rfc specify a single valid encoding. From RFC 5280 section 22.214.171.124.2: For the purposes of this profile, GeneralizedTime values MUST be expressed in Greenwich Mean Time (Zulu) and MUST include seconds (i.e., times are YYYYMMDDHHMMSSZ), even where the number of seconds is zero. GeneralizedTime values MUST NOT include fractional seconds. And from from RFC 6960 (OCSP) section 126.96.36.199: Responses can contain four times -- thisUpdate, nextUpdate, producedAt, and revocationTime. The semantics of these fields are defined in Section 2.4. The format for GeneralizedTime is as specified in Section 188.8.131.52.2 of [RFC5280]. We currently accept encodings using local time and not including seconds
This was fixed as part of the time-parsing rewrite in bug 1043041.