SSL Error: certificate is not yet valid.?

These are old archives. They are kept for historic purposes only.
Post Reply
lennon
Posts: 4
Joined: Sun Sep 26, 2004 5:50 pm

SSL Error: certificate is not yet valid.?

Post by lennon »

Hi all,
I have a problem whit SSL clients connection.
My machine : Slackware 9.0(2.4.20) whit OpenSSL 0.9.7d
Unreal version 3.2.1

In my unrealircd.conf I have this:

Code: Select all

  listen         XX.XX.XX.XX:9999
  {
        options
        {
               clientsonly;
               ssl;
        };
  };
and this:

Code: Select all

.............................
.............................
        };
                                                                                                                                                                     
        ssl {
                certificate server.cert.pem;
                key server.key.pem;
         };
                                                                                                                                                                     
        spamfilter {
..............................
..............................
My ircd server startup is ok:

Code: Select all

Starting UnrealIRCd
 _   _                      _ ___________  _____     _
| | | |                    | |_   _| ___ \/  __ \   | |
| | | |_ __  _ __ ___  __ _| | | | | |_/ /| /  \/ __| |
| | | | '_ \| '__/ _ \/ _` | | | | |    / | |    / _` |
| |_| | | | | | |  __/ (_| | |_| |_| |\ \ | \__/\ (_| |
 \___/|_| |_|_|  \___|\__,_|_|\___/\_| \_| \____/\__,_|
                           v3.2.1
                     using TRE 0.6.8
                     using OpenSSL 0.9.7d 17 Mar 2004
                     using zlib 1.1.4
 
* Loading IRCd configuration ..
* Configuration loaded without any problems ..
* Loading tunefile..
* Initializing SSL.
* Dynamic configuration initialized .. booting IRCd.
---------------------------------------------------------------------
When I connect whit Xchat 2.4.0 whit my linux machine I have this error:

Code: Select all

................................
................................
[21:12] ---   Public key algorithm: rsaEncryption (1024 bits)
[21:12] ---   Public key algorithm uses ephemeral key with -1073743952 bits
[21:12] ---   Sign algorithm md5WithRSAEncryption (0 bits)
[21:12] ---   Valid since Sep 26 22:49:36 2004 GMT to Sep 26 22:49:36 2005 GMT
[21:12] --- * Cipher info:
[21:12] ---   Version: TLSv1/SSLv3, cipher AES256-SHA (256 bits)
[21:12] --- Connection failed. Error: certificate is not yet valid.? (9)
and the ircd logs send me this:

Code: Select all

[21:12] --- Exiting ssl client [@XX.XX.XX.XX.55720]: SSL_read(): Underlying syscall error
I have allready check "Accept invalid certificate" in xchat options. I try to connect whit different client.
Any ideas?

PS: sorry for my bad english
Top
shell
Posts: 10
Joined: Sat Sep 25, 2004 10:33 am
Contact:
Contact shell

Post by shell »

Look at your timestamp, then look at the date + time the cert is valid for.

Are you and the server in different time zones or something?
Top
lennon
Posts: 4
Joined: Sun Sep 26, 2004 5:50 pm

Post by lennon »

Today I'm able to connect:

Code: Select all

..............................
[01:15] --- * Verify E: self signed certificate.? (18) -- Ignored
[01:15] --- Connected. Now logging in..
.............................
Thanks a lot shell :wink:
Top
agel
Posts: 4
Joined: Thu Nov 11, 2004 5:46 am
Location: {Russia}

Post by agel »

shell wrote:Look at your timestamp, then look at the date + time the cert is valid for.

Are you and the server in different time zones or something?
sorry, but... how fix it? :oops:
/m w (t) b d l (t) r

[s0rry f0r mY 3nglish :]]
Top
agel
Posts: 4
Joined: Thu Nov 11, 2004 5:46 am
Location: {Russia}

Post by agel »

cool, i fix it, but now i see this:

--- Connection failed. Error: self signed certificate.? (18)

i accept bad cert and problem has solve... emmm.. now, how me make "good" cert?
/m w (t) b d l (t) r

[s0rry f0r mY 3nglish :]]
Top
Dukat
Posts: 1083
Joined: Tue Mar 16, 2004 5:44 pm
Location: Switzerland

Post by Dukat »

You'd have to buy it, e.g. from verisign (http://www.verisign.com/) :?
Top
agel
Posts: 4
Joined: Thu Nov 11, 2004 5:46 am
Location: {Russia}

Post by agel »

maby some 'robingoods' write free tool to generate it? ((:
this real?
/m w (t) b d l (t) r

[s0rry f0r mY 3nglish :]]
Top
agel
Posts: 4
Joined: Thu Nov 11, 2004 5:46 am
Location: {Russia}

Post by agel »

»»

anybody talk me, how use it?: http://www.opennet.ru/docs/HOWTO/SSL-Ce ... tml#AEN127

dont think, that i lamo, i nowbie (more advice nowbie (:) (:, and i VERY VERY WANT FREEEE ssl cert! i assurance, that is real.. (:
/m w (t) b d l (t) r

[s0rry f0r mY 3nglish :]]
Top
Ron2K

Post by Ron2K »

agel wrote:cool, i fix it, but now i see this:

--- Connection failed. Error: self signed certificate.? (18)

i accept bad cert and problem has solve... emmm.. now, how me make "good" cert?
Erm, what about CAcert.org (or whatever that site is that's mentioned at the end of ./Config)?
Top
Post Reply

Return to “Unreal 3.2 Support”