ClearOS 5.2 new installation
OpenVPN certificates problems
Certificate autorithy borns outdated 1902 year.
how i can solve this problem ??
System- Security- Certificate Manager -Certificate Authority
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
a5:28:84:5a:61:d2:f2:d6
Signature Algorithm: md5WithRSAEncryption
Issuer: O=Metal Envases, OU=informatica/emailAddress=security@metalenvases.com, L=GUATEMALA, ST=ciudad, C=GT, CN=ca.metalenvases.com
Validity
Not Before: Feb 12 15:46:20 2013 GMT
Not After : Jan 1 09:18:04 1902 GMT
Subject: O=Metal Envases, OU=informatica/emailAddress=security@metalenvases.com, L=GUATEMALA, ST=ciudad, C=GT, CN=ca.metalenvases.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (2048 bit)
Modulus (2048 bit):
00:b4:6c:e8:57:72:0f:9c:76:5e:ce:f8:14
OpenVPN certificates problems
Certificate autorithy borns outdated 1902 year.
how i can solve this problem ??
System- Security- Certificate Manager -Certificate Authority
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
a5:28:84:5a:61:d2:f2:d6
Signature Algorithm: md5WithRSAEncryption
Issuer: O=Metal Envases, OU=informatica/emailAddress=security@metalenvases.com, L=GUATEMALA, ST=ciudad, C=GT, CN=ca.metalenvases.com
Validity
Not Before: Feb 12 15:46:20 2013 GMT
Not After : Jan 1 09:18:04 1902 GMT
Subject: O=Metal Envases, OU=informatica/emailAddress=security@metalenvases.com, L=GUATEMALA, ST=ciudad, C=GT, CN=ca.metalenvases.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (2048 bit)
Modulus (2048 bit):
00:b4:6c:e8:57:72:0f:9c:76:5e:ce:f8:14
Share this post:
Responses (9)
-
Accepted Answer
-
Accepted Answer
There is an "Unix Millennium bugUnix Millennium bug".
OpenSSL suffer from this bug..
I deleted the ca certificate and before creating an new one I changed /etc/ssl/openssl.cnf
[ ca ]
default_days = 8125
but recreating the certificate the file was automatically changed back to default 9125 days.
So I start searching for this number: find /var -type f | xargs grep -l 9125
that revealed the file that must be changed:
/var/webconfig/api/Ssl.class.php
Just edit this file for a number of days so the validity period of certificate won't exceed the 2038 year (ex: 8125 for me was OK)
Regards,
Ovidiu. -
Accepted Answer
Thanks for the replies Tim and Steve.
I suspect this is a *nix time_t issue but as I'm not a programmer I'm only guessing.
As I'm remote from the main ClearOS box, turning off the valid IP address isn't an ideal option, but I'll keep it in mind Steve.
Is it possible to use the openssl command line tool to alter the expiry date on an existing certificate, and if so would this possibly resolve the issue? I'm thinking that if I were able to modify the expiry date to a shorter time frame it might solve the issue. (remembering that I'm trying to achieve all this via remote access, so I can't afford SSH AND the Web GUI to both go down simultaneously) -
Accepted Answer
I had the same problem and i solved in this way on a clean install:
set the computer date to year 2011, when install clearos use wrong tcp/ip value so the sistem can't update the correct date. Go on til the certificate creation, check at system:certificate manager:certificate authority that the expiry date is correct, then set the correct tcp value and set the correct date. Voila. now i can connect through openvpn. -
Accepted Answer
-
Accepted Answer
I have the same problem now too.
After changing the domain name of my system, I went to recreate a new ca and system certificate. After creating the system certificate (which seemed to work correctly in the Web UI), I refreshed my browser and found the new certificate had been generated with the following dates:
Not Before: Feb 22 12:55:49 2013 GMT
Not After : Jan 11 06:27:33 1902 GMT
I am now unable to delete the certificate, as if I try, I receive the error "entry 54: invalid expiry date" from the Web UI (see the attached screen shot). I also receive the same error if I try to renew the certificate.
Is there any way to delete / renew the certificates from the command line, and would this help?
I don't have the option to try a fresh install.
-
Accepted Answer
-
Accepted Answer
Hi Alejandro, that's strange - the expiry date should be 25years from the creation date, i.e. around 2028
If you don't have many certificates you could delete it and recreate another one?
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
aa:bb:cc:dd:ee:ff:gg:hh
Signature Algorithm: md5WithRSAEncryption
Issuer: O=UK2.net, OU=VPS Host/emailAddress=security@domain.com, L=-, ST=-, C=GB, CN=ca.domain.com
Validity
Not Before: Mar 23 00:47:47 2012 GMT
Not After : Mar 17 00:47:47 2037 GMT
Subject: O=UK2.net, OU=VPS Host/emailAddress=security@domain.com, L=-, ST=-, C=GB, CN=ca.domain.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (2048 bit)
Modulus (2048 bit):
Please login to post a reply
You will need to be logged in to be able to post a reply. Login using the form on the right or register an account if you are new here.
Register Here »