On Mon, 04 Mar 2019 10:06:54 +0100,
Jan Just Keijser wrote:
...
> Having said that, I just created a certificate set to expire on Mar 9 2037
> and it passed the
> following command:
> c:\program files\openvpn\bin\openssl x509 -dates -subject -noout -in
> mycert.crt
>
> can you run the same command on the failing certificate?
That's a poor test. 'openssl x509' doesn't verify the certificate,
and the error comes up during verification. To verify, use 'openssl
verify'. Here's an example with OpenSSL test files:
openssl verify -trusted test/certs/root-cert.pem test/certs/ca-cert.pem
So in Wolfgang's case, I suspect something like this would say more:
openssl verify -trusted .....ca.crt .....user.crt
Cheers,
Richard
--
Richard Levitte levi...@openssl.org
OpenSSL Project http://www.openssl.org/~levitte/
