Re: It reported verify error:num=20:unable to get local issuer certificate in my embedded linux device, when I used the openssl command

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi Jakob & Michael & opensslers,

I'm sorry to ask a stupid question.
That I found when I used the openssl1.0.1f, it said the error log:
----------------------------------log--------------
/tmp # ./openssl s_client -connect curl.haxx.se:443 -CAfile ./cacert.pem 
CONNECTED(00000003)
depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
verify error:num=9:certificate is not yet valid                   ///////////////////////////new error
notBefore=Sep 30 21:12:19 2000 GMT
verify return:0
---
Certificate chain
 0 s:/CN=anja.haxx.se
   i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
 1 s:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
   i:/O=Digital Signature Trust Co./CN=DST Root CA X3
---
Server certificate
-----BEGIN CERTIFICATE-----
..
-----END CERTIFICATE-----
subject=/CN=anja.haxx.se
issuer=/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
---
No client certificate CA names sent
---
SSL handshake has read 3148 bytes and written 445 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES128-GCM-SHA256
    Session-ID: FD6ABFB426CC33309DBEA4078A4D24A07D5A80A5093AB771504CEBEFDE022706
    Session-ID-ctx: 
    Master-Key: 49725D111EC25DD193FB59E485CE32D5E0F3AD6E3269FF6617B2BC4E44ED7E4CCDDC6B05D799B69EA0FF6D974C54EBDE
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 300 (seconds)
    TLS session ticket:

    Start Time: 2002                              /////////////////////////////////////// time 2002
    Timeout   : 300 (sec)
    Verify return code: 9 (certificate is not yet valid)
---
closed
---------------------------------------------------------------------------------
Is this error occurred by the system clock of my platform?
Actually, I didn't do anything to synchronize time in my platform(no NTP).
Would this be a reason for my first issue and this issue?
I'm trying to do NTP now.

Thanks

-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux