Hi Jakob & Michael & opensslers, I'm sorry to ask a stupid question. That I found when I used the openssl1.0.1f, it said the error log: ----------------------------------log-------------- /tmp # ./openssl s_client -connect curl.haxx.se:443 -CAfile ./cacert.pem CONNECTED(00000003) depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3 verify error:num=9:certificate is not yet valid ///////////////////////////new error notBefore=Sep 30 21:12:19 2000 GMT verify return:0 --- Certificate chain 0 s:/CN=anja.haxx.se i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3 1 s:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3 i:/O=Digital Signature Trust Co./CN=DST Root CA X3 --- Server certificate -----BEGIN CERTIFICATE----- .. -----END CERTIFICATE----- subject=/CN=anja.haxx.se issuer=/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3 --- No client certificate CA names sent --- SSL handshake has read 3148 bytes and written 445 bytes --- New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256 Server public key is 2048 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE SSL-Session: Protocol : TLSv1.2 Cipher : ECDHE-RSA-AES128-GCM-SHA256 Session-ID: FD6ABFB426CC33309DBEA4078A4D24A07D5A80A5093AB771504CEBEFDE022706 Session-ID-ctx: Master-Key: 49725D111EC25DD193FB59E485CE32D5E0F3AD6E3269FF6617B2BC4E44ED7E4CCDDC6B05D799B69EA0FF6D974C54EBDE Key-Arg : None PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 300 (seconds) TLS session ticket:
Start Time: 2002 /////////////////////////////////////// time 2002 Timeout : 300 (sec) Verify return code: 9 (certificate is not yet valid) --- closed --------------------------------------------------------------------------------- Is this error occurred by the system clock of my platform? Actually, I didn't do anything to synchronize time in my platform(no NTP). Would this be a reason for my first issue and this issue? I'm trying to do NTP now. Thanks
-- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users