[Openswan Users] Strange CA certificate validation
Tuomo Soini
tis at foobar.fi
Mon Jan 18 08:12:30 EST 2010
Denis Kondratenko wrote:
> And openswan assumes my root CA is expired!
>
> But when I run:
> openssl x509 -in ipsec.d/cacerts/xxxx-rootCA.crt -startdate -enddate -noout
> it looks valid:
> notBefore=Dec 8 09:16:30 2009 GMT
> notAfter=Dec 8 09:26:29 2049 GMT
>
> My box is:
>
> vpn:/# uname -a
> Linux vpn.xxxx.net 2.6.26-2-686 #1 SMP Wed Nov 4 20:45:37 UTC 2009 i686
> GNU/Linux
Openswan is right. Your root certificate is not valid on that system
because its clock is so badly wrong. I suggest setting up ntpd.
--
Tuomo Soini <tis at foobar.fi>
Foobar Linux services
+358 40 5240030
Foobar Oy <http://foobar.fi/>
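
An added example, not part of the original thread: a small Python check that compares a clock reading against the validity window printed by `openssl x509 -startdate -enddate -noout`, separating "not yet valid" from "expired". The two dates are the ones quoted above; the clock readings in the demo are constructed, since the thread does not say what the box's clock showed.

```python
import ssl
import time
from datetime import datetime, timezone

# Validity dates as quoted in the thread (openssl x509 -startdate -enddate -noout).
OPENSSL_OUTPUT = """\
notBefore=Dec 8 09:16:30 2009 GMT
notAfter=Dec 8 09:26:29 2049 GMT
"""


def parse_validity(text):
    """Return (not_before, not_after) in epoch seconds from openssl's output."""
    fields = dict(line.split("=", 1) for line in text.splitlines() if "=" in line)
    return (ssl.cert_time_to_seconds(fields["notBefore"].strip()),
            ssl.cert_time_to_seconds(fields["notAfter"].strip()))


def check_clock(text, now):
    """Classify clock reading `now` (epoch seconds) against the window.

    Returns (status, seconds outside the window); the second value is 0 if valid.
    """
    not_before, not_after = parse_validity(text)
    if now < not_before:
        return "not-yet-valid", not_before - now
    if now > not_after:
        return "expired", now - not_after
    return "valid", 0


def epoch(year, month, day):
    """Midnight UTC of the given date as epoch seconds (helper for the demo)."""
    return int(datetime(year, month, day, tzinfo=timezone.utc).timestamp())


if __name__ == "__main__":
    readings = [
        ("this machine's clock", int(time.time())),
        ("constructed: clock reset to 2000-01-01", epoch(2000, 1, 1)),
        ("constructed: clock set to 2050-01-01", epoch(2050, 1, 1)),
    ]
    for label, now in readings:
        status, off_by = check_clock(OPENSSL_OUTPUT, now)
        print(f"{label}: {status} (outside window by {off_by // 86400} days)")
```

A certificate whose dates look correct but which the daemon rejects on validity grounds is a cue to compare `date -u` on the box with these two fields before suspecting the certificate itself.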