Re: problem with creating cert with openssl x509
when during the creation of the certificate can i do this on? The CA is already provided when i am creating the certificate.. i am bit confused here --- On Thu, 11/12/09, Tomas Hoger wrote: > From: Tomas Hoger > Subject: Re: problem with creating cert with openssl x509 > To: openssl-dev@openssl.org > Date: Thursday, November 12, 2009, 3:18 AM > On Wed, 11 Nov 2009 09:01:41 -0800 > (PST) Al > wrote: > > > is the date format correct then? the x509 doesnt seem > to give me the > > exact format for datesetting and i used YYMMDDHHMMSSZ. > I tried other > > formats but all no good. How did you set yours? > > man 1 x509 > > -startdate > prints out the start date > of the certificate, that is the > notBefore date. > > man 1 ca > > -startdate date > this allows the start date > to be explicitly set. The format of > the date is YYMMDDHHMMSSZ > (the same as an ASN1 UTCTime > structure). > > th. > __ > OpenSSL Project > > http://www.openssl.org > Development Mailing List > openssl-...@openssl.org > Automated List Manager > > majord...@openssl.org > __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Re: problem with creating cert with openssl x509
On Wed, 11 Nov 2009 09:01:41 -0800 (PST) Al wrote: > is the date format correct then? the x509 doesnt seem to give me the > exact format for datesetting and i used YYMMDDHHMMSSZ. I tried other > formats but all no good. How did you set yours? man 1 x509 -startdate prints out the start date of the certificate, that is the notBefore date. man 1 ca -startdate date this allows the start date to be explicitly set. The format of the date is YYMMDDHHMMSSZ (the same as an ASN1 UTCTime structure). th. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Re: problem with creating cert with openssl x509
is the date format correct then? the x509 doesnt seem to give me the exact format for datesetting and i used YYMMDDHHMMSSZ. I tried other formats but all no good. How did you set yours? --- On Wed, 11/11/09, Lou Picciano wrote: > From: Lou Picciano > Subject: Re: problem with creating cert with openssl x509 > To: openssl-dev@openssl.org > Date: Wednesday, November 11, 2009, 11:13 AM > #yiv965433757 p > {margin:0;}Don't > know that it will help, but can commiserate a > little...(!) > We recently ran into a similar issue, ours related to > notAfter: > In recent testing, we were able to issue a certificate with > a notAfter field without error, but > > (this was against a PostgreSQL server, if it helps): > LOG: could not accept SSL connection: no certificate > returned > > So, in verifying the cert, bingo! > $ openssl verify (etc) > error 14 at 0 depth lookup:format error in > certificate's notAfter field > (same test was OK on server, so is this an OpenSSL > version issue?) > > - Original Message - > From: "Al" > To: openssl-dev@openssl.org > Sent: Wednesday, November 11, 2009 10:56:48 AM GMT -05:00 > US/Canada Eastern > Subject: problem with creating cert with openssl x509 > > I am trying to create a certificate with specific starting > and ending dates. I searched around and it seems the > parameter for -startdate from x509 is YYMMDDHHMMSSZ but when > i tried to put the parameter: > "-startdate 091119111506Z" i get unknown option > 091119111506Z error. The statement in the script is > something like: > openssl x509 -req -sha1 ${DAYSTILLEXPIRE} ${STARTDATE} > .. > DAYSTILLEXPIRE is "-days 10" and that works fine > but it doesnt like the parameters i put for STARTDATE > anyone can help me out? thanks! > > > > > __ > OpenSSL Project > > http://www.openssl.org > Development Mailing List > > openssl-dev@openssl.org > Automated List Manager > > majord...@openssl.org > __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Re: problem with creating cert with openssl x509
Don't know that it will help, but can commiserate a little...(!) We recently ran into a similar issue, ours related to notAfter: In recent testing, we were able to issue a certificate with a notAfter field without error, but (this was against a PostgreSQL server, if it helps): LOG: could not accept SSL connection: no certificate returned So, in verifying the cert, bingo! $ openssl verify (etc) error 14 at 0 depth lookup:format error in certificate's notAfter field (same test was OK on server, so is this an OpenSSL version issue?) - Original Message - From: "Al" To: openssl-dev@openssl.org Sent: Wednesday, November 11, 2009 10:56:48 AM GMT -05:00 US/Canada Eastern Subject: problem with creating cert with openssl x509 I am trying to create a certificate with specific starting and ending dates. I searched around and it seems the parameter for -startdate from x509 is YYMMDDHHMMSSZ but when i tried to put the parameter: "-startdate 091119111506Z" i get unknown option 091119111506Z error. The statement in the script is something like: openssl x509 -req -sha1 ${DAYSTILLEXPIRE} ${STARTDATE} .. DAYSTILLEXPIRE is "-days 10" and that works fine but it doesnt like the parameters i put for STARTDATE anyone can help me out? thanks! __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
problem with creating cert with openssl x509
I am trying to create a certificate with specific starting and ending dates. I searched around and it seems the parameter for -startdate from x509 is YYMMDDHHMMSSZ but when i tried to put the parameter: "-startdate 091119111506Z" i get unknown option 091119111506Z error. The statement in the script is something like: openssl x509 -req -sha1 ${DAYSTILLEXPIRE} ${STARTDATE} .. DAYSTILLEXPIRE is "-days 10" and that works fine but it doesnt like the parameters i put for STARTDATE anyone can help me out? thanks! __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org