OpenVPNGui 2.4.7 fails: format error in certificate's notAfter field

Jan Just Keijser janjust at nikhef.nl
Mon Mar 4 09:36:10 UTC 2019


Hi Richard,

On 04/03/19 10:27, Richard Levitte wrote:
> On Mon, 04 Mar 2019 10:06:54 +0100,
> Jan Just Keijser wrote:
> ...
>> Having said that, I just created a certificate set to expire on Mar 9 2037 and it passed the
>> following command:
>>    c:\program files\openvpn\bin\openssl x509 -dates -subject -noout -in mycert.crt
>>
>> can you run the same command on the failing certificate?
> That's a poor test.  'openssl x509' doesn't verify the certificate,
> and the error comes up during verification.  To verify, use 'openssl
> verify'.  Here's an example with OpenSSL test files:
>
>      openssl verify -trusted test/certs/root-cert.pem test/certs/ca-cert.pem
>
> So in Wolfgang's case, I suspect something like this would say more:
>
>      openssl verify -trusted .....ca.crt .....user.crt
>

you were one step ahead of me :)
I fully agree that it is a poor test, I was just wondering if there was 
an encoding error in the cert itself, esp as the EndDate approaches the 
32bit epoch...

Wolfgang, can you send me both the client cert and the CA cert that goes 
with it? both are public info.

cheers,

JJK / Jan Just Keijser



More information about the openssl-users mailing list