OpenConnect 证书验证失败,显示已过期,但事实并非如此!

OpenConnect 证书验证失败,显示已过期,但事实并非如此!

当我尝试使用 Ubuntu 中的 OpenConnect 客户端连接到我的 OCServ 时,它会引发一个错误:

Connected to x.x.x.x:yyy
SSL negotiation with server.domain.tld
Server certificate verify failed: certificate expired

Certificate from VPN server "server.domain.tld" failed verification.
Reason: certificate expired
To trust this server in future, perhaps add this to your command line:
    --servercert pin-sha256:02oy27uQkY5fMYDda0sSLIj1SbioAHRRbqUneUeI6OA=
Enter 'yes' to accept, 'no' to abort; anything else to view:

当我按下键查看证书时,有效期是正常的,并且没有过期!

X.509 Certificate Information:
Version: 3
Serial Number (hex): xyzxyzxyz..
Issuer: CN=R3,O=Let's Encrypt,C=US
Validity:
    Not Before: Wed Sep 08 21:10:50 UTC 2021
    Not After: Tue Dec 07 21:10:49 UTC 2021
Subject: CN=server.domain.tld
Subject Public Key Algorithm: EC/ECDSA
Algorithm Security Level: Ultra (384 bits)
    Curve:  SECP384R1

我的系统日期是正确的,2021 年 10 月 3 日,星期日。在过去的一年里,它一直运行正常,但在最近的 letencrypt 证书自动续订之后,我注意到它不能正常工作。

答案1

尝试更新“ca-certificates”包。我遇到了同样的问题,我用这种方法解决了。

相关内容