Hello, Sorry for the delay, I had some problem with... "delays" :). I have carefully read all of the suggestions from Kyle and Patrick. However, the serial issue was the most flagrant, definitely and I have immediately defined one. Concerning the other suggestions (KU, EKU, AKI), I agree with them but the project that I work on is not specifically concerned; the purpose is only to test a network protocol.
However, I managed to solve the problem which was not at all related to openSSL, not even to programming at all. I was verifying the endhost certificate immediately after it was generated on-the-fly on the issuer machine. The problem was that the clocks of the two machines have pronounced jitters (+/- 10 s/ week) so my certificate was getting verified before its validity date began, thus the "not yet valid" error. Thanks again for all your help, I really added it to my PKC knowledge. -- Silviu
