Hi, > "STEP 3: Generating X.509 certificate signed by Snake Oil CA > [server.crt] > Certificate Version (1 or 3) [3]: > Signature ok > subject=/O=telkom/OU=users/CN=Jose > Getting CA Private Key > Verify: matching certificate & key modulus > read RSA key > Verify: matching certificate signature > ../conf/ssl.crt/server.crt: /C=XY/ST=Snake Desert/L=Snake Town/O=Snake > Oil, Ltd/OU=Certificate Authority/CN=Snake Oil > [EMAIL PROTECTED] > error 10 at 1 depth lookup:Certificate has expired > OK" > > Does this mean my server.crt wasn't signed by the CA SnakeOil because > it has expired??
I guess it means that the Snake Oil CA certificate has expired. I just had a look into the certificate (provided with openssl-0.9.6g), its validity is from 9th Oct 1995 until 5th Jul 1998. So it should not be possible to create some new certificates with it... Can someone verify this? Olaf -- Olaf Gellert mailto:[EMAIL PROTECTED] ---------------------------------------------------------------- DFN-PCA: Eine Arbeitsgruppe der DFN-CERT GmbH Oberstr. 14b http://www.pca.dfn.de/ D-20144 Hamburg, Germany +49.40.808077-555 / Fax: -556 ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
