
<table cellspacing='0' cellpadding='0' border='0' background='none' style='font-family:arial;font-size:10pt;color:rgb(51, 51, 51);background-color:rgb(255, 255, 255);width:100%;'><tr><td valign='top' style='font: inherit;'>Hi,<br>

<span style="font-family: monospace;"><br>

Can anyone here help me to fix the error below:<br>

I run instruction in README such<br>

make ca.pem<br>

make ca.der<br>

make server.pem<br>

make server.csr<br>

make client.pem<br>

<br>

and then copy ca.der, client.p12 then I install the certificate into Windows XP.<br>

When click the client certificate and it shows<br>

"Windows doesn't have enough information to verify this certificate"<br>

Server cert in Trusted Root Cert<br>

"This certificate has expired or is not yet valid.<br>

<br>

here the ca.cnf<br>

[ ca ]<br>

default_ca              = CA_default<br>

<br>

[ CA_default ]<br>

dir                     = ./<br>

certs                   = $dir<br>

crl_dir                 = $dir/crl<br>

database                = $dir/index.txt<br>

new_certs_dir           = $dir<br>

certificate             = $dir/ca.pem<br>

serial                  = $dir/serial<br>

crl                    

= $dir/crl.pem<br>

private_key             = $dir/ca.key<br>

RANDFILE                = $dir/.rand<br>

name_opt                = ca_default<br>

cert_opt                = ca_default<br>

default_days            = 1095<br>

default_crl_days        = 365<br>

default_md              = md5<br>

preserve                = no<br>

policy                  = policy_match<br>

<br>

[ policy_match ]<br>

countryName             = match<br>

stateOrProvinceName     = match<br>

organizationName        = match<br>

organizationalUnitName  = optional<br>

commonName              = supplied<br>

emailAddress            = optional<br>

<br>

[ policy_anything ]<br>

countryName             = optional<br>

stateOrProvinceName     = optional<br>

localityName            = optional<br>

organizationName        = optional<br>

organizationalUnitName  = optional<br>

commonName              = supplied<br>

emailAddress            = optional<br>

<br>

[ req ]<br>

prompt                  = no<br>

distinguished_name      = certificate_authority<br>

default_bits            = 2048<br>

input_password          = 123<br>

output_password         = 123<br>

x509_extensions         = v3_ca<br>

<br>

[certificate_authority]<br>

countryName             = FR<br>

stateOrProvinceName     = Radius<br>

localityName            = Somewhere<br>

organizationName        = Example Inc.<br>

emailAddress            = admin@example.com<br>

commonName              = "Certificate Authority"<br>

<br>

[v3_ca]<br>

subjectKeyIdentifier    = hash<br>

authorityKeyIdentifier  = keyid:always,issuer:always<br>

basicConstraints        = CA:true<br>

<br>

The only thing I'd changed the ca.cnf, client.cnf, server.cnf were default_days and default_crl_days.<br>

<br>

<br>

</span></td></tr></table><br>