On Wed, Dec 5, 2012 at 11:22 AM, Dr. Stephen Henson <st...@openssl.org> wrote: > On Wed, Dec 05, 2012, Will Nordmeyer wrote: > >> On Wed, Dec 5, 2012 at 10:47 AM, Dr. Stephen Henson <st...@openssl.org> >> wrote: >> > On Wed, Dec 05, 2012, Will Nordmeyer wrote: >> > >> >> They are US. gov't certificates & CRLs, so providing them is a little >> >> complicated. Before I had the proper root & intermediate CAs loaded >> >> and hashed, I would get errors about missing certs in the chain. >> >> Similarly, before I loaded the CRL, it would have issues. >> >> >> >> The CERTs are in PEM formats, as well as the CRLs. >> >> >> > >> > I'd suggest you try a version of OpenSSL from the website to see if you >> > have >> > problems with that. >> > >> > Version "1.0.0-25" or "1.0.0-fips" is not a standard OpenSSL version. >> > >> I installed 1.0.1c (and verified it is the one being called). >> >> When I first reran the commands as I listed earlier, I got >> error 20 at 0 depth lookup:unable to get local issuer certificate >> >> I added -CApath /etc/ssl/certs and everything comes back OK again. > > > Try a sanity check on a certificate, for example: > > openssl x509 -in TestForty_Expired.pem -noout -dates > OK... now I have insanity -
openssl x509 -in TestFortyTwo_Expired.pem -noout -dates notBefore=Dec 30 18:09:39 2008 GMT notAfter=Dec 29 18:09:39 2014 GMT I have certificate 42 imported into my Internet Explorer browser, it indicates the validity dates as: IE tells me it is valid from 9/13/2011 to 9/14/2011 Can I switch careers to basket weaving? ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org