[Openswan Users] Strange CA certificate validation
Denis Kondratenko
d.kondratenko at wwpass.com
Tue Jan 19 02:39:35 EST 2010
Tuomo Soini wrote:
> Denis Kondratenko wrote:
>
>> And openswan assumes my root CA is expired!
>>
>> But when I run:
>> openssl x509 -in ipsec.d/cacerts/xxxx-rootCA.crt -startdate -enddate -noout
>> it looks like a valid:
>> notBefore=Dec 8 09:16:30 2009 GMT
>> notAfter=Dec 8 09:26:29 2049 GMT
>>
>> My box is:
>>
>> vpn:/# uname -a
>> Linux vpn.xxxx.net 2.6.26-2-686 #1 SMP Wed Nov 4 20:45:37 UTC 2009 i686
>> GNU/Linux
>
> Openswan is right. Your root certificate is not valid on that system
> because it's clock is so badly wrong. I suggest setting up ntpd.
>
What's that problem:
http://en.wikipedia.org/wiki/Year_2038_problem
But how to resolve it?
More information about the Users
mailing list