Hi, I´m trying to connect to my vpn server, using tunnelblick, but thinking this is a openssl stuff... may be I am wrong.
When connecting I got (XX is a placeholder) : 2020-12-22 17:32:49.423703 VERIFY ERROR: depth=0, error=format
error in certificate's notAfter field: C=es, L=PXXXX, O=XX, CN=XX,
emailAddress=XX, serial=17702460327850242852 I have checked this: https://mta.openssl.org/pipermail/openssl-users/2019-March/010018.html , but seems to be something different. When checking UTC field for server CA cert, I got: % openssl asn1parse -in ca.crt | grep UTC Why 'format error in certicate´s notAfter field' error?
thx --
|
On 22/12/2020 17:43, Raúl Uría Elices wrote: > Hi, > > I´m trying to connect to my vpn server, using tunnelblick, but thinking > this is a openssl stuff... may be I am wrong. > > > When connecting I got (XX is a placeholder) : > > 2020-12-22 17:32:49.423703 VERIFY ERROR: depth=0, error=format error in > certificate's notAfter field: C=es, L=PXXXX, O=XX, CN=XX, > emailAddress=XX, serial=17702460327850242852 > > I have checked this: > https://mta.openssl.org/pipermail/openssl-users/2019-March/010018.html , > but seems to be something different. > > When checking UTC field for server CA cert, I got: > > % openssl asn1parse -in ca.crt | grep UTC > 207:d=3 hl=2 l= 13 prim: UTCTIME :170908154452Z > 222:d=3 hl=2 l= 13 prim: UTCTIME :360718151218Z I don't see anything obviously wrong with those encodings. Are you willing to share the actual certificate? Matt |
Here it is:
-----BEGIN CERTIFICATE----- MIIESjCCA7OgAwIBAgIJAN4eHpcYq8eMMA0GCSqGSIb3DQEBCwUAMIGjMQswCQYD VQQGEwJlczEVMBMGA1UEBxMMUGVuYWNhc3RpbGxvMSYwJAYDVQQKEx1OT1JCRVJU IERFTlRSRVNTQU5HTEUgR0VSUE9TQTEyMDAGA1UEAxMpTk9SQkVSVCBERU5UUkVT U0FOR0xFIEdFUlBPU0EgV2ViQWRtaW4gQ0ExITAfBgkqhkiG9w0BCQEWEmFkbWlu QGFzdGFyby5sb2NhbDAeFw0xNzA5MDgxNTQ0NTJaFw0zNjA3MTgxNTEyMThaMGsx CzAJBgNVBAYTAmVzMRUwEwYDVQQHDAxQZW5hY2FzdGlsbG8xJjAkBgNVBAoMHU5P UkJFUlQgREVOVFJFU1NBTkdMRSBHRVJQT1NBMR0wGwYDVQQDDBRhc2cyMjAuZ2Vy cG9zYS5sb2NhbDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN+gNXRC WtsP9LANPgFJ1vj1/6naVUiHBq+AKgPePwOK6qbUczG+E8Zh8xr/JpcCjdrTLZNF rllVoEodthSvKnlaMI7qIgDWQE3MtVot5ARAZHFMob2uy3zeZ/uJniheYmj7BNy2 d6pkFzlZyPiNh65KIBbEuZEKAgKQwRAduYWk+689p2Jnujj13yodpOuGPSjr9inz qLTK1GIkTf51O6GMGiu5erj27LHKAJojAVSjMDJ1AeDAsNg+RLLDP/q+Fi0wLUwL MPq2rhiXZvVPjU/iukiwrzNHqwZTIwpayNatjoskKE/KS+ldEIhMlythOiPVWgYs zAUdD1G3HL4cQgECAwEAAaOCATcwggEzMB0GA1UdDgQWBBQqUYZktt2XccSH1Sp2 g8y8zwZ3nzCB2AYDVR0jBIHQMIHNgBSXppMhHL+r08UaJqK9kW36GvpusaGBqaSB pjCBozELMAkGA1UEBhMCZXMxFTATBgNVBAcTDFBlbmFjYXN0aWxsbzEmMCQGA1UE ChMdTk9SQkVSVCBERU5UUkVTU0FOR0xFIEdFUlBPU0ExMjAwBgNVBAMTKU5PUkJF UlQgREVOVFJFU1NBTkdMRSBHRVJQT1NBIFdlYkFkbWluIENBMSEwHwYJKoZIhvcN AQkBFhJhZG1pbkBhc3Rhcm8ubG9jYWyCCQDeHh6XGKvHijAfBgNVHREEGDAWghRh c2cyMjAuZ2VycG9zYS5sb2NhbDAJBgNVHRMEAjAAMAsGA1UdDwQEAwIF4DANBgkq hkiG9w0BAQsFAAOBgQAqsvoAFxWEWSxZHtEgDHEBfflBJEm3QqAl8bMb3O4rOnIV ufq/dkAx6AYzmtFZhWMIJnh4ZTU8ULjuAkqC2yXEBktpSR9VQFKabToLSuAW9QC7 Db2ELKw8kXQgFxS0nkDhEgAitukcJ8TuVq7hlvRVwC6vnRRdKYaaT5cERZbDOg== -----END CERTIFICATE----- |
This certificate is not the same one causing the error message in your original email. The error message you provided earlier included "serial=17702460327850242852" (or f5:ab:c5:e0:63:f5:73:24 in hex) but the certificate you provided here has serial=16005263760024127372 (de:1e:1e:97:18:ab:c7:8c). Tom.III On Sun, Dec 27, 2020 at 11:50 PM Raúl Uría Elices <[hidden email]> wrote: Here it is: |
In reply to this post by Raúl Uría Elices
I'm sorry, but can't figure out which cert is the one with
serial=16005263760024127372. Getting certs from server (openssl s_client -connect x.y.z.w:443 -showcerts) neither of two certs showed have this serial number. I asked on tunnelblick group, but no luck at the moment ( https://groups.google.com/g/tunnelblick-discuss/c/7xKiioIZw34 ) |
Free forum by Nabble | Edit this page |