-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Hi,
------- Original Message ------- On Wednesday, March 8th, 2023 at 20:07, Bo Berglund <bo.bergl...@gmail.com> wrote: > This happens on an updated easyrsa3 installation (see other thread for > details). > > -------------------------------------------- > (previously existing client) > $ easyrsa show-cert BrittisUbu > > Showing cert details for: 'BrittisUbu' > > This file is stored at: > * /home/bosse/openvpn/easyrsa3/pki/issued/BrittisUbu.crt > Certificate: > Data: > <snip> > > X509v3 Extended Key Usage: > TLS Web Client Authentication > X509v3 Key Usage: > Digital Signature > X509v3 Subject Alternative Name: > DNS:BrittisUbu > ------------------------------------------- > > But when I try this I receive an error: > > $ easyrsa show-expire BrittisUbu > > * Using Easy-RSA configuration: /home/bosse/openvpn/easyrsa3/pki/vars > > * Using SSL: openssl OpenSSL 1.1.1f 31 Mar 2020 > > > WARNING > ======= > Untrapped error detected! > -------------------------------------------- > > Next when I try with a client created after the update (no password on this): > > $ easyrsa show-expire TestClientNP > > * Using Easy-RSA configuration: /home/bosse/openvpn/easyrsa3/pki/vars > > * Using SSL: openssl OpenSSL 1.1.1f 31 Mar 2020 > -------------------------------------------- > > And when I try with a new client with a password: > > $ easyrsa show-expire TestClientPW > > * Using Easy-RSA configuration: /home/bosse/openvpn/easyrsa3/pki/vars > > * Using SSL: openssl OpenSSL 1.1.1f 31 Mar 2020 > > > WARNING > ======= > Untrapped error detected! > -------------------------------------------- > > Using easyrsa show-cert ClientName does show the cert (see start of post) > > If I use this directly it correctly shows the expiration dates for all certs: > > openssl x509 -dates -noout -in $CERT > > (when $CERT is any of the above) > > (Must be executed inside the directory holding the crt files i.e. pki/issued) > > What have I missed now? > I thought it would show when the cert is due to expire, but maybe not? > Ok. For the use of show-expire there is a cut-off number of days. --days=90 If you set --days to exceed when the cert will expire, eg --days=7301, then it should list the expire date, at least it does for me. This is a legacy method, related to "valid renewal period", it can be improved. As for the "untrapped error", stumped, I will try some tests. Thanks R -----BEGIN PGP SIGNATURE----- Version: ProtonMail wsBzBAEBCAAnBQJkCPKvCRBPl5z2a5C4nRYhBAm8PURno41yecVVVU+XnPZr kLidAADXSQgAyTBvZ4NY1gGfHrl8SjwNgBP3BMBl2FPKFNMfRn1DdH3w4qYS H6WLTH4djfmFfRbWV3DxwqZUMnI1AN5dKUwKK40RTJo1Uuy+qwlrlqwUKG3x TH/+rQRIoc/sHJ2+8Ex/u1bVnTHaDVNS6hlMRQFJLXlmf6cq2GEEwPrMVyib IZiYA88GVliS/eitsA28ctoahJrQNNUmBq/+9VLxeZ1iadPrBko0t7uKvdvs bFIviNAVjuW0naWb0LLhQeQUuo9zsG3gF2Enz7fJW52v5GXaLXEIhXCGcplP k+avtZHndExA26D5Gi6VMKRxmiGZd2RWunMzSzp9Aok5cIWK5jGfvQ== =TgfI -----END PGP SIGNATURE-----
publickey - tincantech@protonmail.com - 0x09BC3D44.asc
Description: application/pgp-keys
publickey - tincantech@protonmail.com - 0x09BC3D44.asc.sig
Description: PGP signature
_______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
