Issue with certificate chain

Fri, 21 Dec 2012 04:35:11 -0800

I have a weird issue when creating and importing PFX files into Windows 7 clients. I have created a CA and a sub CA and I have created client certificates. When I import them into Windows 7 clients (in all fairness I have only tried windows 7), when I go to look at the certification path, it tells me that the root CA certificate is expired or not yet valid. Looking at the expiration date of the root CA, it shows it to only be valid from 11/19/2012 through 12/19/2012. The sub CA certificate and the end user certificates are fine with 5 year validity periods. However, when I look at the root CA with openssl it shows the following: 

*#: openssl x509 -in cacert.pem -noout -text

Issuer: CN=ca3.deeztek.com/emailAddress=c...@deeztek.com
        Validity
            Not Before: Dec 20 21:00:07 2012 GMT
            Not After : Dec 19 21:00:07 2017 GMT
        Subject: CN=ca3.deeztek.com/emailAddress=c...@deeztek.com*
Obviously not expired and the dates are completely different from what Windows is reporting. Can anyone shed some light on this. I sign the client certificates with the sub CA using a cachain file I created from the root and the sub ca. 

Thanks

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

Reply via email to