AW: OpenVPNGui 2.4.7 fails: format error in certificate's notAfter field

Wolfgang Knauf WKnauf at hg-online.de
Mon Mar 4 09:22:41 UTC 2019 

Hi,

this is the output of "-dates":

C:\Program Files\OpenVPN\bin>openssl.exe x509 -dates -subject -noout -in ..\config\SSL_HUG1 at l1139218.vt-security.de\l1139218.vt-security.de.ca.crt
notBefore=Oct 22 13:28:29 2009 GMT
notAfter=Mar  8 13:28:29 2037 GMT
subject=C = de, L = Dortmund, O = Versatel, CN = Versatel VPN CA, emailAddress = admin at vt-security.de


Would it be OK if I send the crt file to only your mail adress? I don't feel save by posting it to the mailing list ;-)?

Best regards

Wolfgang

Von: Jan Just Keijser <janjust at nikhef.nl>
Gesendet: Montag, 4. März 2019 10:07
An: Wolfgang Knauf <WKnauf at hg-online.de>; openssl-users at openssl.org
Betreff: Re: OpenVPNGui 2.4.7 fails: format error in certificate's notAfter field

Hi,

On 04/03/19 09:08, Wolfgang Knauf wrote:
Hi,

I first asked this question in the OpenVPNGui forum, and they redirected me to here: OpenVPNGui 2.4.6 works with a customers server certificate, but it fails when using 2.4.7.

Here is the thread in the OpenVPNGui forum: https://forums.openvpn.net/viewtopic.php?f=24&t=27976

The error is:
Thu Feb 28 08:48:50 2019 VERIFY ERROR: depth=0, error=format error in certificate's notAfter field: C=de, L=Dortmund, O=Versatel, CN=ASG_1, emailAddress=...

The certificate has those fields:
        Validity
            Not Before: Oct 22 13:28:29 2009 GMT
            Not After : Mar  8 13:28:29 2037 GMT

The customer provided us with a ".....ca.crt" file, a "....user.crt" file and a "user.key" file. But I fear it is not smart to post those files in the internet ;-).


you can safely post the client.crt file - it is public info and useless without the key file.

Having said that, I just created a certificate set to expire on Mar 9 2037 and it passed the following command:
  c:\program files\openvpn\bin\openssl x509 -dates -subject -noout -in mycert.crt

can you run the same command on the failing certificate?

HTH,

JJK / Jan Just Keijser
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20190304/31bd4b42/attachment.html>

More information about the openssl-users mailing list