This error comes from within OpenSSL. FreeRADIUS just does what OpenSSL tells it.
Can you verify the cert with the "openssl verify ..." test command? e.g. try this:
openssl verify -CAfile ca.pem -purpose sslserver server.pem
freeradius:/usr/local/CA # openssl verify -CAfile cacert.pem -purpose sslserver cert-srv.pem cert-srv.pem: OK
If this fails as well, then it's either a problem in OpenSSL or your system libraries with dates>2050. If it succeeds (which I doubt) then FreeRADIUS should work too.
I sort of admire your effort to future-proof your certs though! ;o)
why?
really, why? wat purpose does testing these dates have - you really think your current infrastructure, and techologies such as 802.1X are going to be around in the same format in even 20 years time?
No, of course not :) This is my curiosity led me to test such date.
anyway....I'm guessing these are 32 bit server and client OS ?
you may find, in that case, that your tests will work until you set the date beyond 2037 - 32bit OS have problems with dates after 2038
so, try this with KNOWN parameters - eg 2020 , within the 2038 timeframe and things should work.
The server is running SLES 11 SP1 (x86_64), a workstation running Windows XP SP3 (32bit). Authentication is successful until February 1, 2050, ie for example if you logged in December 31, 2049, then the authentication is successful. A little later, try the client computer under the control of 64bit. the results announced later.
participants (1)
-
Victor Guk