On 12/5/2012 5:30 PM, Will Nordmeyer wrote:
On Wed, Dec 5, 2012 at 11:22 AM, Dr. Stephen Henson <st...@openssl.org> wrote:
On Wed, Dec 05, 2012, Will Nordmeyer wrote:
On Wed, Dec 5, 2012 at 10:47 AM, Dr. Stephen Henson <st...@openssl.org> wrote:
On Wed, Dec 05, 2012, Will Nordmeyer wrote:
They are US. gov't certificates & CRLs, so providing them is a little
complicated. Before I had the proper root & intermediate CAs loaded
and hashed, I would get errors about missing certs in the chain.
Similarly, before I loaded the CRL, it would have issues.
The CERTs are in PEM formats, as well as the CRLs.
I'd suggest you try a version of OpenSSL from the website to see if you have
problems with that.
Version "1.0.0-25" or "1.0.0-fips" is not a standard OpenSSL version.
I installed 1.0.1c (and verified it is the one being called).
When I first reran the commands as I listed earlier, I got
error 20 at 0 depth lookup:unable to get local issuer certificate
I added -CApath /etc/ssl/certs and everything comes back OK again.
Try a sanity check on a certificate, for example:
openssl x509 -in TestForty_Expired.pem -noout -dates
OK... now I have insanity -
openssl x509 -in TestFortyTwo_Expired.pem -noout -dates
notBefore=Dec 30 18:09:39 2008 GMT
notAfter=Dec 29 18:09:39 2014 GMT
I have certificate 42 imported into my Internet Explorer browser, it
indicates the validity dates as:
IE tells me it is valid from 9/13/2011 to 9/14/2011
Ok, try
openssl x509 -n TestFortyTwo_Expired.pem -noout -text
and compare all the details to what you see in IE.
Maybe it is not the same certificate.
Can I switch careers to basket weaving?
Nah, I think that got outsourced (back) to China too.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
