Don't know that it will help, but can commiserate a little...(!) We recently ran into a similar issue, ours related to notAfter: In recent testing, we were able to issue a certificate with a notAfter field without error, but
(this was against a PostgreSQL server, if it helps): LOG: could not accept SSL connection: no certificate returned So, in verifying the cert, bingo! $ openssl verify (etc) error 14 at 0 depth lookup:format error in certificate's notAfter field (same test was OK on server, so is this an OpenSSL version issue?) ----- Original Message ----- From: "Al" <[email protected]> To: [email protected] Sent: Wednesday, November 11, 2009 10:56:48 AM GMT -05:00 US/Canada Eastern Subject: problem with creating cert with openssl x509 I am trying to create a certificate with specific starting and ending dates. I searched around and it seems the parameter for -startdate from x509 is YYMMDDHHMMSSZ but when i tried to put the parameter: "-startdate 091119111506Z" i get unknown option 091119111506Z error. The statement in the script is something like: openssl x509 -req -sha1 ${DAYSTILLEXPIRE} ${STARTDATE} ...... DAYSTILLEXPIRE is "-days 10" and that works fine but it doesnt like the parameters i put for STARTDATE.... anyone can help me out? thanks! ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [email protected]
