OpenVPNGui 2.4.7 fails: format error in certificate's notAfter field

Richard Levitte levitte at
Mon Mar 4 09:27:26 UTC 2019

On Mon, 04 Mar 2019 10:06:54 +0100,
Jan Just Keijser wrote:
> Having said that, I just created a certificate set to expire on Mar 9 2037 and it passed the
> following command:
>   c:\program files\openvpn\bin\openssl x509 -dates -subject -noout -in mycert.crt
> can you run the same command on the failing certificate?

That's a poor test.  'openssl x509' doesn't verify the certificate,
and the error comes up during verification.  To verify, use 'openssl
verify'.  Here's an example with OpenSSL test files:

    openssl verify -trusted test/certs/root-cert.pem test/certs/ca-cert.pem 

So in Wolfgang's case, I suspect something like this would say more:

    openssl verify -trusted .....user.crt


Richard Levitte         levitte at
OpenSSL Project

More information about the openssl-users mailing list