Can't sign request: entry 8: invalid expiry date


Petr Silhavy
Hello,
I've got this strange error while trying to sign a request created by
./CA.sh -newreq

openssl ca -policy policy_anything -days 100 -out newcert.pem -infiles newreq.pem
Using configuration from /usr/local/ssl/openssl.cnf
Enter pass phrase for ./CA/private/cakey.pem:
entry 8: invalid expiry date
27459:error:02001002:system library:fopen:No such file or directory:bss_file.c:122:fopen('./CA/index.txt.attr','rb')
27459:error:2006D080:BIO routines:BIO_new_file:no such file:bss_file.c:125:
27459:error:0E078072:configuration file routines:DEF_LOAD:no such file:conf_def.c:197:

No newcert.pem is created. The last "successfully" signed certificate has an expiry
date of ~1902, probably (time_t)-1. Tested under openssl-0.9.7c and openssl-0.9.8a.
Playing with -days and -enddate doesn't help. Thanks in advance.
--
        Petr Silhavy <[hidden email]>

Just because you're paranoid doesn't mean they AREN'T after you. --fortune
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Re: Can't sign request: entry 8: invalid expiry date

Kyle Hamilton
What's the validity period for your CA certificate?

and did you really mean '1902'?

-Kyle H

On 2/3/06, Petr Silhavy <[hidden email]> wrote:

> Hello,
> I've got this strange error while trying to sign request created by
> ./CA.sh -newreq
>
> openssl ca -policy policy_anything -days 100 -out newcert.pem -infiles newreq.pem
> Using configuration from /usr/local/ssl/openssl.cnf
> Enter pass phrase for ./CA/private/cakey.pem:
> entry 8: invalid expiry date
> 27459:error:02001002:system library:fopen:No such file or directory:bss_file.c:122:fopen('./CA/index.txt.attr','rb')
> 27459:error:2006D080:BIO routines:BIO_new_file:no such file:bss_file.c:125:
> 27459:error:0E078072:configuration file routines:DEF_LOAD:no such file:conf_def.c:197:
>
> No newcert.pem is created. Last "successfully" signed certificate has expire
> date ~1902, probably (time_t)-1. Tested under openssl-0.9.7c and openssl-0.9.8a.
> Playing with -days and -enddate doesn't help. Thanks in advance.
> --
>         Petr Silhavy                            <[hidden email]>
>
> Just because you're paranoid doesn't mean they AREN'T after you. --fortune
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    [hidden email]
> Automated List Manager                           [hidden email]
>

Re: Can't sign request: entry 8: invalid expiry date

Petr Silhavy
Kyle Hamilton <[hidden email]> writes:

> What's the validity period for your CA certificate?
>
openssl x509 -in CA/cacert.pem -dates
notBefore=Oct  1 14:24:42 2003 GMT
notAfter=Aug  8 14:24:42 2036 GMT
...
> and did you really mean '1902'?
yes

>
> -Kyle H
>
> On 2/3/06, Petr Silhavy <[hidden email]> wrote:
>> Hello,
>> I've got this strange error while trying to sign request created by
>> ./CA.sh -newreq
>>
>> openssl ca -policy policy_anything -days 100 -out newcert.pem -infiles newreq.pem
>> Using configuration from /usr/local/ssl/openssl.cnf
>> Enter pass phrase for ./CA/private/cakey.pem:
>> entry 8: invalid expiry date
>> 27459:error:02001002:system library:fopen:No such file or directory:bss_file.c:122:fopen('./CA/index.txt.attr','rb')
>> 27459:error:2006D080:BIO routines:BIO_new_file:no such file:bss_file.c:125:
>> 27459:error:0E078072:configuration file routines:DEF_LOAD:no such file:conf_def.c:197:
>>
>> No newcert.pem is created. Last "successfully" signed certificate has expire
>> date ~1902, probably (time_t)-1. Tested under openssl-0.9.7c and openssl-0.9.8a.
>> Playing with -days and -enddate doesn't help. Thanks in advance.
PS sorry for replying off-list, this week openssl.org responds to my mails
with:
550 Client host rejected: cannot find your hostname, [194.213.62.98]
--
        Petr Silhavy <[hidden email]>

Just because you're paranoid doesn't mean they AREN'T after you. --fortune

Fwd: Can't sign request: entry 8: invalid expiry date

Kyle Hamilton
...this is making no sense to me, does anyone else have a clue?
(Forwarding due to problems with the original poster's mailer.)

-Kyle H

---------- Forwarded message ----------
From: Petr Silhavy <[hidden email]>
Date: Feb 7, 2006 8:38 AM
Subject: Re: Can't sign request: entry 8: invalid expiry date
To: [hidden email]
Cc: [hidden email]


Kyle Hamilton <[hidden email]> writes:

> What's the validity period for your CA certificate?
>
openssl x509 -in CA/cacert.pem -dates
notBefore=Oct  1 14:24:42 2003 GMT
notAfter=Aug  8 14:24:42 2036 GMT
...
> and did you really mean '1902'?
yes
>
> -Kyle H
>
> On 2/3/06, Petr Silhavy <[hidden email]> wrote:
>> Hello,
>> I've got this strange error while trying to sign request created by
>> ./CA.sh -newreq
>>
>> openssl ca -policy policy_anything -days 100 -out newcert.pem -infiles newreq.pem
>> Using configuration from /usr/local/ssl/openssl.cnf
>> Enter pass phrase for ./CA/private/cakey.pem:
>> entry 8: invalid expiry date
>> 27459:error:02001002:system library:fopen:No such file or directory:bss_file.c:122:fopen('./CA/index.txt.attr','rb')
>> 27459:error:2006D080:BIO routines:BIO_new_file:no such file:bss_file.c:125:
>> 27459:error:0E078072:configuration file routines:DEF_LOAD:no such file:conf_def.c:197:
>>
>> No newcert.pem is created. Last "successfully" signed certificate has expire
>> date ~1902, probably (time_t)-1. Tested under openssl-0.9.7c and openssl-0.9.8a.
>> Playing with -days and -enddate doesn't help. Thanks in advance.
PS sorry for replying off-list, this week openssl.org responds to my mails
with:
550 Client host rejected: cannot find your hostname, [194.213.62.98]
--
        Petr Silhavy                            <[hidden email]>

Just because you're paranoid doesn't mean they AREN'T after you. --fortune

Re: Can't sign request: entry 8: invalid expiry date

Petr Silhavy-2
Commenting out apps/ca.c lines 898-902 does "solve" this problem. IMHO
this looks like a bug in check_time_format. Does anybody know a less dirty
solution?
--
Petr Silhavy

Just because you're paranoid doesn't mean they AREN'T after you. --fortune
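
Added example (not part of the thread and not OpenSSL code): a small checker that scans a CA's index.txt and reports which numbered entries carry an expiry field that is not a well-formed UTCTime, which is the kind of entry the "entry 8: invalid expiry date" message points at. It assumes the usual six-column, tab-separated index.txt layout, entries numbered from 1 in file order, and a simplified UTCTime check that accepts only the 13-character YYMMDDHHMMSSZ form; the sample rows are constructed.

```python
import re
from datetime import datetime

# Constructed sample in the index.txt layout (tab-separated columns:
# status, expiry, revocation date, serial, file, subject). Not from the thread.
SAMPLE_INDEX = "\n".join([
    "V\t060514120000Z\t\t01\tunknown\t/CN=host1.example",
    "R\t060601120000Z\t060210093000Z\t02\tunknown\t/CN=host2.example",
    "V\t19020101000000Z\t\t03\tunknown\t/CN=host3.example",
    "V\t061332120000Z\t\t04\tunknown\t/CN=host4.example",
]) + "\n"

UTCTIME = re.compile(r"^\d{12}Z$")      # YYMMDDHHMMSSZ
GENERALIZED = re.compile(r"^\d{14}Z$")  # YYYYMMDDHHMMSSZ


def check_expiry(field):
    """Return None if field is a well-formed UTCTime, else a reason string."""
    if GENERALIZED.match(field):
        return "GeneralizedTime (4-digit year), not UTCTime"
    if not UTCTIME.match(field):
        return "not in YYMMDDHHMMSSZ form"
    yy, mo, dd, hh, mi, ss = (int(field[i:i + 2]) for i in range(0, 12, 2))
    year = 1900 + yy if yy >= 50 else 2000 + yy  # RFC 5280 two-digit year pivot
    try:
        datetime(year, mo, dd, hh, mi, ss)
    except ValueError:
        return "digits do not form a real date/time"
    return None


def find_bad_entries(index_text):
    """Return [(entry_number, serial, reason)] for rows with a bad expiry."""
    bad = []
    for number, line in enumerate(index_text.splitlines(), start=1):
        cols = line.split("\t")
        if len(cols) != 6:
            bad.append((number, "?", "expected 6 tab-separated fields"))
            continue
        reason = check_expiry(cols[1])
        if reason:
            bad.append((number, cols[3], reason))
    return bad


if __name__ == "__main__":
    for number, serial, reason in find_bad_entries(SAMPLE_INDEX):
        print(f"entry {number}: serial {serial}: {reason}")
```

To check a real database, pass the text of the CA's index.txt (./CA/index.txt in the thread's setup) to find_bad_entries, working on a copy rather than the live file.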