Hi, this is the output of "-dates":
C:\Program Files\OpenVPN\bin>openssl.exe x509 -dates -subject -noout -in ..\config\ssl_h...@l1139218.vt-security.de\l1139218.vt-security.de.ca.crt notBefore=Oct 22 13:28:29 2009 GMT notAfter=Mar 8 13:28:29 2037 GMT subject=C = de, L = Dortmund, O = Versatel, CN = Versatel VPN CA, emailAddress = ad...@vt-security.de Would it be OK if I send the crt file to only your mail adress? I don't feel save by posting it to the mailing list ;-)? Best regards Wolfgang Von: Jan Just Keijser <janj...@nikhef.nl> Gesendet: Montag, 4. März 2019 10:07 An: Wolfgang Knauf <wkn...@hg-online.de>; openssl-users@openssl.org Betreff: Re: OpenVPNGui 2.4.7 fails: format error in certificate's notAfter field Hi, On 04/03/19 09:08, Wolfgang Knauf wrote: Hi, I first asked this question in the OpenVPNGui forum, and they redirected me to here: OpenVPNGui 2.4.6 works with a customers server certificate, but it fails when using 2.4.7. Here is the thread in the OpenVPNGui forum: https://forums.openvpn.net/viewtopic.php?f=24&t=27976 The error is: Thu Feb 28 08:48:50 2019 VERIFY ERROR: depth=0, error=format error in certificate's notAfter field: C=de, L=Dortmund, O=Versatel, CN=ASG_1, emailAddress=... The certificate has those fields: Validity Not Before: Oct 22 13:28:29 2009 GMT Not After : Mar 8 13:28:29 2037 GMT The customer provided us with a ".....ca.crt" file, a "....user.crt" file and a "user.key" file. But I fear it is not smart to post those files in the internet ;-). you can safely post the client.crt file - it is public info and useless without the key file. Having said that, I just created a certificate set to expire on Mar 9 2037 and it passed the following command: c:\program files\openvpn\bin\openssl x509 -dates -subject -noout -in mycert.crt can you run the same command on the failing certificate? HTH, JJK / Jan Just Keijser
