Hi Jakob & Michael & opensslers,
I'm sorry to ask a stupid question.
That I found when I used the openssl1.0.1f, it said the error log:
----------------------------------log--------------
/tmp # ./openssl s_client -connect curl.haxx.se:443 -CAfile ./cacert.pem
CONNECTED(00000003)
depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
verify error:num=9:certificate is not yet valid ///////////////////////////new error
notBefore=Sep 30 21:12:19 2000 GMT
verify return:0
---
Certificate chain
0 s:/CN=anja.haxx.se
i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
1 s:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
i:/O=Digital Signature Trust Co./CN=DST Root CA X3
---
Server certificate
-----BEGIN CERTIFICATE-----
..
-----END CERTIFICATE-----
subject=/CN=anja.haxx.se
issuer=/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
---
No client certificate CA names sent
---
SSL handshake has read 3148 bytes and written 445 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES128-GCM-SHA256
Session-ID: FD6ABFB426CC33309DBEA4078A4D24A07D5A80A5093AB771504CEBEFDE022706
Session-ID-ctx:
Master-Key: 49725D111EC25DD193FB59E485CE32D5E0F3AD6E3269FF6617B2BC4E44ED7E4CCDDC6B05D799B69EA0FF6D974C54EBDE
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 300 (seconds)
TLS session ticket:
Start Time: 2002 /////////////////////////////////////// time 2002
Timeout : 300 (sec)
Verify return code: 9 (certificate is not yet valid)
---
closed
---------------------------------------------------------------------------------
Is this error occurred by the system clock of my platform?
Actually, I didn't do anything to synchronize time in my platform(no NTP).
Would this be a reason for my first issue and this issue?
I'm trying to do NTP now.
Thanks
-- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users