5 Dec
2011
5 Dec
'11
4:49 a.m.
On 12/05/2011 08:25 AM, Victor Guk wrote:
[tls] <<< TLS 1.0 Handshake [length 0249], Certificate --> verify error:num=9:certificate is not yet valid [tls] >>> TLS 1.0 Alert [length 0002], fatal bad_certificate TLS Alert write:fatal:bad certificate
This error comes from within OpenSSL. FreeRADIUS just does what OpenSSL tells it. Can you verify the cert with the "openssl verify ..." test command? e.g. try this: openssl verify -CAfile ca.pem -purpose sslserver server.pem If this fails as well, then it's either a problem in OpenSSL or your system libraries with dates >2050. If it succeeds (which I doubt) then FreeRADIUS should work too. I sort of admire your effort to future-proof your certs though! ;o) Cheers, Phil