[openssl-users] It reported verify error:num=20:unable to get local issuer certificate in my embedded linux device, when I used the openssl command

杨俊 yangjun9772 at gmail.com
Thu Dec 15 09:26:40 UTC 2016


Hi Jakob & Michael & opensslers,

I'm sorry to ask a stupid question.
That I found when I used the openssl1.0.1f, it said the error log:
----------------------------------log--------------
/tmp # ./openssl s_client -connect curl.haxx.se:443 -CAfile ./cacert.pem
CONNECTED(00000003)
depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
verify error:num=9:certificate is not yet valid
///////////////////////////new error
notBefore=Sep 30 21:12:19 2000 GMT
verify return:0
---
Certificate chain
 0 s:/CN=anja.haxx.se
   i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
 1 s:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
   i:/O=Digital Signature Trust Co./CN=DST Root CA X3
---
Server certificate
-----BEGIN CERTIFICATE-----
..
-----END CERTIFICATE-----
subject=/CN=anja.haxx.se
issuer=/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
---
No client certificate CA names sent
---
SSL handshake has read 3148 bytes and written 445 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES128-GCM-SHA256
    Session-ID:
FD6ABFB426CC33309DBEA4078A4D24A07D5A80A5093AB771504CEBEFDE022706
    Session-ID-ctx:
    Master-Key:
49725D111EC25DD193FB59E485CE32D5E0F3AD6E3269FF6617B2BC4E44ED7E4CCDDC6B05D799B69EA0FF6D974C54EBDE
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 300 (seconds)
    TLS session ticket:

    Start Time: 2002
 /////////////////////////////////////// time 2002
    Timeout   : 300 (sec)
    Verify return code: 9 (certificate is not yet valid)
---
closed
---------------------------------------------------------------------------------
Is this error occurred by the system clock of my platform?
Actually, I didn't do anything to synchronize time in my platform(no NTP).
Would this be a reason for my first issue and this issue?
I'm trying to do NTP now.

Thanks
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20161215/9de332af/attachment.html>


More information about the openssl-users mailing list