Kyle Hamilton <[EMAIL PROTECTED]> writes:
> What's the validity period for your CA certificate?
>
openssl x509 -in CA/cacert.pem -dates
notBefore=Oct 1 14:24:42 2003 GMT
notAfter=Aug 8 14:24:42 2036 GMT
...
> and did you really mean '1902'?
yes
>
> -Kyle H
>
> On 2/3/06, Petr Silhavy <[EMAIL PROTECTED]> wrote:
>> Hello,
>> I've got this strange error while trying to sign request created by
>> ./CA.sh -newreq
>>
>> openssl ca -policy policy_anything -days 100 -out newcert.pem -infiles
>> newreq.pem
>> Using configuration from /usr/local/ssl/openssl.cnf
>> Enter pass phrase for ./CA/private/cakey.pem:
>> entry 8: invalid expiry date
>> 27459:error:02001002:system library:fopen:No such file or
>> directory:bss_file.c:122:fopen('./CA/index.txt.attr','rb')
>> 27459:error:2006D080:BIO routines:BIO_new_file:no such file:bss_file.c:125:
>> 27459:error:0E078072:configuration file routines:DEF_LOAD:no such
>> file:conf_def.c:197:
>>
>> No newcert.pem is created. Last "successfully" signed certificate has expire
>> date ~1902, probably (time_t)-1. Tested under openssl-0.9.7c and
>> openssl-0.9.8a.
>> Playing with -days and -enddate doesn't help. Thanks in advance.
PS sorry for replaying off-list, this week openssl.org responds to my mails
with :
550 Client host rejected: cannot find your hostname, [194.213.62.98]
--
Petr Silhavy <[EMAIL PROTECTED]>
Just because you're paranoid doesn't mean they AREN'T after you. --fortune
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
