“format error in certificate's notBefore field”, but x509 -text shows a valid “Not Before”
I am renewing the certificates for a VPN configuration. When I check the validity:
openssl verify -CAfile keys/ca.crt -verbose keys/example.org.crt
C = XX, ST = XX, L = City, O = Example, OU = Manager, CN = example.org, name = EasyRSA, emailAddress = somemail
error 13 at 0 depth lookup: format error in certificate's notBefore field
error keys/example.org.crt: verification failed
But checking with x509 shows a valid Not Before:
openssl x509 -in keys/example.org.crt -text
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 6 (0x6)
Signature Algorithm: sha512WithRSAEncryption
Validity
Not Before: Mar 4 00:00:00 2017
Not After : Apr 1 00:00:00 2018
I issued the certificate following the tldp guide:
openssl ca -config openssl-1.0.0.cnf -extensions server -days 375 -notext -md sha512 -in keys/example.org.csr -out keys/example.org.crt -startdate 20170304000000 -enddate 20180401000000
Answer 1
When you specify the start/end dates, you must also set the time zone! This is a valid certificate:
Certificate:
Data:
Version: 3 (0x2)
[...]
Not Before: Mar 5 03:01:35 2016 GMT
Not After : Mar 5 03:01:35 2017 GMT
The -start/enddate options should be formatted as YYMMDDHHMMSSZ; yours is missing the final Z.
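
The format rule from the answer, written as a pre-flight check to run before `openssl ca`. This is an added example, not part of the original post, and the helper names `asn1_time_ok` and `ca_date_args` are hypothetical. It goes beyond the answer by also accepting the four-digit-year form YYYYMMDDHHMMSSZ, which the OpenSSL ca manual documents for these options.

```shell
#!/bin/sh
# Added example: validate values for `openssl ca -startdate/-enddate`.
# Accepted: YYMMDDHHMMSSZ (UTCTime) or YYYYMMDDHHMMSSZ (GeneralizedTime).
# Function names are hypothetical helpers, not part of OpenSSL.

asn1_time_ok() {
    v=$1
    case $v in
        *Z) d=${v%Z} ;;
        *)  echo "rejected '$v': missing trailing Z" >&2; return 1 ;;
    esac
    case $d in
        ''|*[!0-9]*) echo "rejected '$v': digits only before Z" >&2; return 1 ;;
    esac
    case ${#d} in
        12) t=${d#??} ;;      # skip YY
        14) t=${d#????} ;;    # skip YYYY
        *)  echo "rejected '$v': need 12 or 14 digits before Z" >&2; return 1 ;;
    esac
    # t is now MMDDHHMMSS; peel off two digits at a time.
    mo=${t%????????}; t=${t#??}
    dd=${t%??????};   t=${t#??}
    hh=${t%????};     t=${t#??}
    mi=${t%??};       ss=${t#??}
    # Coarse range check; ${x#0} drops one leading zero before comparing.
    if [ "${mo#0}" -lt 1 ] || [ "${mo#0}" -gt 12 ] ||
       [ "${dd#0}" -lt 1 ] || [ "${dd#0}" -gt 31 ] ||
       [ "${hh#0}" -gt 23 ] || [ "${mi#0}" -gt 59 ] || [ "${ss#0}" -gt 59 ]; then
        echo "rejected '$v': field out of range" >&2; return 1
    fi
    return 0
}

# Print the option string for `openssl ca` only if both dates are well-formed.
ca_date_args() {
    asn1_time_ok "$1" && asn1_time_ok "$2" || return 1
    printf '%s\n' "-startdate $1 -enddate $2"
}

# Constructed sample input: the question's start date without and with Z.
for v in 20170304000000 20170304000000Z 170304000000Z; do
    if asn1_time_ok "$v" 2>/dev/null; then echo "ok:  $v"; else echo "bad: $v"; fi
done
```
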