Hello,
Yesterday I created a new certificate request for use with Sendmail and
STARTTLS. I signed the request with my existing CA. This morning I'm
getting messages from certwatch say the key and cert are expired or are
going to expire in less than 7 days. My CA is good till December 2010,
and the request is good untill November 2009. When I run certwatch I
get these errors...
unable to load certificate
5143:error:0906D06C:PEM routines:PEM_read_bio:no start
line:pem_lib.c:647:Expecting: TRUSTED CERTIFICATE
date: invalid date `+%s'
unable to load certificate
5173:error:0906D06C:PEM routines:PEM_read_bio:no start
line:pem_lib.c:647:Expecting: TRUSTED CERTIFICATE
date: invalid date `+%s'
unable to load certificate
5203:error:0906D06C:PEM routines:PEM_read_bio:no start
line:pem_lib.c:647:Expecting: TRUSTED CERTIFICATE
date: invalid date `+%s'
unable to load certificate
5235:error:0906D06C:PEM routines:PEM_read_bio:no start
line:pem_lib.c:647:Expecting: TRUSTED CERTIFICATE
date: invalid date `+%s'
unable to load certificate
5260:error:0906D06C:PEM routines:PEM_read_bio:no start
line:pem_lib.c:647:Expecting: TRUSTED CERTIFICATE
date: invalid date `+%s'
I have 5 files (3 certs and 2 keys) in /etc/mail/certs where certwatch
is watching and they all give this error. Only 1 cert and key is from
yesterday. The other 3 have been there for almost a year.
Is there a way to check the date on the key files to verify that they
are expiring. Is the error above causing the problem?
Thanks,
Rick
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]