On Thu, Oct 02, 2008, Gabor HALASZ wrote:
> Hi!
>
> First, sorry for my english...Second, I tried to renew one of our
> certificates, and I got an invalid certificates if I specified the
> notBefore value:
>
> Validity
> Not Before: Oct 2 00:00:00 2008
> Not After : Oct 2 11:17:11 2009 GMT
>
>
> the notBefore in the certificate not contains timezone information, and my
> server drops the secure connections. Whitout -startdate specification
> value, the renewed certificate will correct:
>
> Validity
> Not Before: Oct 2 14:17:47 2008 GMT
> Not After : Oct 2 14:17:47 2009 GMT
>
> I used the next command:
>
> /usr/bin/openssl ca \
> -config /etc/ssl/openssl.cnf \
> -policy policy_anything \
> -in /home/localCa/requests/request-${SERIAL}.pem \
> -out /home/localCa/certificates/certificate-${NEXTSERIAL}.pem \
> -days 365 \
> -startdate `/bin/date +%y%m%d`000000
>
>
> I tired add GMT into -startdate line, but I only got a new error message.
> What about this?
>
Would help if you said what the error message was and which command or
application produced it.
Try specifying the date in the form YYMMDDHHMMSSZ for example
081002233100Z
Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [email protected]
Automated List Manager [EMAIL PROTECTED]
