OpenVPNGui 2.4.7 fails: format error in certificate's notAfter field
Jan Just Keijser
janjust at nikhef.nl
Mon Mar 4 09:36:10 UTC 2019
Hi Richard,
On 04/03/19 10:27, Richard Levitte wrote:
> On Mon, 04 Mar 2019 10:06:54 +0100,
> Jan Just Keijser wrote:
> ...
>> Having said that, I just created a certificate set to expire on Mar 9 2037 and it passed the
>> following command:
>> c:\program files\openvpn\bin\openssl x509 -dates -subject -noout -in mycert.crt
>>
>> can you run the same command on the failing certificate?
> That's a poor test. 'openssl x509' doesn't verify the certificate,
> and the error comes up during verification. To verify, use 'openssl
> verify'. Here's an example with OpenSSL test files:
>
> openssl verify -trusted test/certs/root-cert.pem test/certs/ca-cert.pem
>
> So in Wolfgang's case, I suspect something like this would say more:
>
> openssl verify -trusted .....ca.crt .....user.crt
>
you were one step ahead of me :)
I fully agree that it is a poor test, I was just wondering if there was
an encoding error in the cert itself, esp as the EndDate approaches the
32bit epoch...
Wolfgang, can you send me both the client cert and the CA cert that goes
with it? both are public info.
cheers,
JJK / Jan Just Keijser
More information about the openssl-users
mailing list