Re: problem with creating cert with openssl x509
when during the creation of the certificate can i do this on? The CA is already provided when i am creating the certificate.. i am bit confused here --- On Thu, 11/12/09, Tomas Hoger wrote: > From: Tomas Hoger > Subject: Re: problem with creating cert with openssl x509 > To: openssl-dev@openssl.org > Date: Thursday, November 12, 2009, 3:18 AM > On Wed, 11 Nov 2009 09:01:41 -0800 > (PST) Al > wrote: > > > is the date format correct then? the x509 doesnt seem > to give me the > > exact format for datesetting and i used YYMMDDHHMMSSZ. > I tried other > > formats but all no good. How did you set yours? > > man 1 x509 > > -startdate > prints out the start date > of the certificate, that is the > notBefore date. > > man 1 ca > > -startdate date > this allows the start date > to be explicitly set. The format of > the date is YYMMDDHHMMSSZ > (the same as an ASN1 UTCTime > structure). > > th. > __ > OpenSSL Project > > http://www.openssl.org > Development Mailing List > openssl-...@openssl.org > Automated List Manager > > majord...@openssl.org > __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Re: problem with creating cert with openssl x509
On Wed, 11 Nov 2009 09:01:41 -0800 (PST) Al wrote: > is the date format correct then? the x509 doesnt seem to give me the > exact format for datesetting and i used YYMMDDHHMMSSZ. I tried other > formats but all no good. How did you set yours? man 1 x509 -startdate prints out the start date of the certificate, that is the notBefore date. man 1 ca -startdate date this allows the start date to be explicitly set. The format of the date is YYMMDDHHMMSSZ (the same as an ASN1 UTCTime structure). th. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Re: problem with creating cert with openssl x509
is the date format correct then? the x509 doesnt seem to give me the exact
format for datesetting and i used YYMMDDHHMMSSZ. I tried other formats but all
no good. How did you set yours?
--- On Wed, 11/11/09, Lou Picciano wrote:
> From: Lou Picciano
> Subject: Re: problem with creating cert with openssl x509
> To: openssl-dev@openssl.org
> Date: Wednesday, November 11, 2009, 11:13 AM
> #yiv965433757 p
> {margin:0;}Don't
> know that it will help, but can commiserate a
> little...(!)
> We recently ran into a similar issue, ours related to
> notAfter:
> In recent testing, we were able to issue a certificate with
> a notAfter field without error, but
>
> (this was against a PostgreSQL server, if it helps):
> LOG: could not accept SSL connection: no certificate
> returned
>
> So, in verifying the cert, bingo!
> $ openssl verify (etc)
> error 14 at 0 depth lookup:format error in
> certificate's notAfter field
> (same test was OK on server, so is this an OpenSSL
> version issue?)
>
> - Original Message -
> From: "Al"
> To: openssl-dev@openssl.org
> Sent: Wednesday, November 11, 2009 10:56:48 AM GMT -05:00
> US/Canada Eastern
> Subject: problem with creating cert with openssl x509
>
> I am trying to create a certificate with specific starting
> and ending dates. I searched around and it seems the
> parameter for -startdate from x509 is YYMMDDHHMMSSZ but when
> i tried to put the parameter:
> "-startdate 091119111506Z" i get unknown option
> 091119111506Z error. The statement in the script is
> something like:
> openssl x509 -req -sha1 ${DAYSTILLEXPIRE} ${STARTDATE}
> ..
> DAYSTILLEXPIRE is "-days 10" and that works fine
> but it doesnt like the parameters i put for STARTDATE
> anyone can help me out? thanks!
>
>
>
>
> __
> OpenSSL Project
>
> http://www.openssl.org
> Development Mailing List
>
> openssl-dev@openssl.org
> Automated List Manager
>
> majord...@openssl.org
>
__
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majord...@openssl.org
Re: problem with creating cert with openssl x509
Don't know that it will help, but can commiserate a little...(!)
We recently ran into a similar issue, ours related to notAfter:
In recent testing, we were able to issue a certificate with a notAfter field
without error, but
(this was against a PostgreSQL server, if it helps):
LOG: could not accept SSL connection: no certificate returned
So, in verifying the cert, bingo!
$ openssl verify (etc)
error 14 at 0 depth lookup:format error in certificate's notAfter field
(same test was OK on server, so is this an OpenSSL version issue?)
- Original Message -
From: "Al"
To: openssl-dev@openssl.org
Sent: Wednesday, November 11, 2009 10:56:48 AM GMT -05:00 US/Canada Eastern
Subject: problem with creating cert with openssl x509
I am trying to create a certificate with specific starting and ending dates. I
searched around and it seems the parameter for -startdate from x509 is
YYMMDDHHMMSSZ but when i tried to put the parameter:
"-startdate 091119111506Z" i get unknown option 091119111506Z error. The
statement in the script is something like:
openssl x509 -req -sha1 ${DAYSTILLEXPIRE} ${STARTDATE} ..
DAYSTILLEXPIRE is "-days 10" and that works fine but it doesnt like the
parameters i put for STARTDATE anyone can help me out? thanks!
__
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majord...@openssl.org
problem with creating cert with openssl x509
I am trying to create a certificate with specific starting and ending dates. I
searched around and it seems the parameter for -startdate from x509 is
YYMMDDHHMMSSZ but when i tried to put the parameter:
"-startdate 091119111506Z" i get unknown option 091119111506Z error. The
statement in the script is something like:
openssl x509 -req -sha1 ${DAYSTILLEXPIRE} ${STARTDATE} ..
DAYSTILLEXPIRE is "-days 10" and that works fine but it doesnt like the
parameters i put for STARTDATE anyone can help me out? thanks!
__
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majord...@openssl.org
