Have you enabled CRL checking too? You can also get that if the nextUpdate
time in a CRL has passed. That might explain things if the CRL runs for a
month or so.

WOW! That's it! Thank you so much!

CRL expired exactly the day it stopped working. I did not know that a CRL could 
expire. Never explored it with openssl crl -text ... before. Now I know it has 
those two dates, just like a certificate. Added CRL updates to cron tables on 
the server and all the clients.

I would like to apologize for all the mess around this issue. This was simply 
my mistake. (However, it would be nice if the error message said 'CRL expired' 
instead of 'certificate expired'. Had I seen 'CRL' in the message, I would have 
checked that first.)

Once more many thanks for your advice. My db connection works again.

Andrej

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to