[Openswan Users] Strange CA certificate validation
Denis Kondratenko
d.kondratenko at wwpass.com
Mon Jan 18 08:24:34 EST 2010
Tuomo Soini wrote:
> Denis Kondratenko wrote:
>
>> And openswan assumes my root CA is expired!
>>
>> But when I run:
>> openssl x509 -in ipsec.d/cacerts/xxxx-rootCA.crt -startdate -enddate -noout
>> it looks like a valid:
>> notBefore=Dec 8 09:16:30 2009 GMT
>> notAfter=Dec 8 09:26:29 2049 GMT
>>
>> My box is:
>>
>> vpn:/# uname -a
>> Linux vpn.xxxx.net 2.6.26-2-686 #1 SMP Wed Nov 4 20:45:37 UTC 2009 i686
>> GNU/Linux
>
> Openswan is right. Your root certificate is not valid on that system
> because it's clock is so badly wrong. I suggest setting up ntpd.
>
No, no!
It would be so easy to solve.
Once more. I ran:
ssh:/etc# date
Mon Jan 18 16:22:36 UTC 2010
And yes. NTP daemon is installed, is up and is working.
More information about the Users
mailing list