En ik denken dat ik openssl nu wel een beetje kon begrijpen/snappen.....
Ik heb twee Linux systemen die server en client spelen voor openvpn.
Openssl/CA aanmaken, certificaatje maken, signen etc etc..
De log van openvpn (stukje) :
cm292093-a:~/vpn # openvpn --config tls-ds.conf
Sun Mar 7 00:57:10 2004 3: Note: Cannot open TUN/TAP dev /dev/net/tun: No such device (errno=19)
Sun Mar 7 00:57:10 2004 4: Note: Attempting fallback to kernel 2.2 TUN/TAP interface
Sun Mar 7 00:57:10 2004 5: TUN/TAP device /dev/tap0 opened
Sun Mar 7 00:57:10 2004 6: Data Channel MTU parms [ L:1573 D:1573 EF:41 EB:0 ET:32 EL:0 ]
Sun Mar 7 00:57:10 2004 7: Local Options hash (VER=V3): '036d05dc'
Sun Mar 7 00:57:10 2004 8: Expected Remote Options hash (VER=V3): 'c76d612c'
Sun Mar 7 00:57:10 2004 9: UDPv4 link local (bound): [undef]:5000
Sun Mar 7 00:57:10 2004 10: UDPv4 link remote: 82.112.45.33:5000
Sun Mar 7 00:57:10 2004 11: TLS: tls_pre_decrypt: first response to initial packet from 82.112.45.33:5000, sid=9e90ae94 4f269873
Sun Mar 7 00:57:10 2004 12: Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sun Mar 7 00:57:10 2004 13: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Mar 7 00:57:10 2004 14: VERIFY OK: depth=1
Sun Mar 7 00:57:10 2004 15: VERIFY ERROR: depth=0, error=certificate is not yet valid
Sun Mar 7 00:57:10 2004 16: TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
De "belangrijkste.." melding :
error=certificate is not yet valid
Misschien kan ik niet lezen of snap ik het gewoon niet
Hoe krijg ik dat certificaat naar de status "yet valid".....
Ik heb twee Linux systemen die server en client spelen voor openvpn.
Openssl/CA aanmaken, certificaatje maken, signen etc etc..
De log van openvpn (stukje) :
cm292093-a:~/vpn # openvpn --config tls-ds.conf
Sun Mar 7 00:57:10 2004 3: Note: Cannot open TUN/TAP dev /dev/net/tun: No such device (errno=19)
Sun Mar 7 00:57:10 2004 4: Note: Attempting fallback to kernel 2.2 TUN/TAP interface
Sun Mar 7 00:57:10 2004 5: TUN/TAP device /dev/tap0 opened
Sun Mar 7 00:57:10 2004 6: Data Channel MTU parms [ L:1573 D:1573 EF:41 EB:0 ET:32 EL:0 ]
Sun Mar 7 00:57:10 2004 7: Local Options hash (VER=V3): '036d05dc'
Sun Mar 7 00:57:10 2004 8: Expected Remote Options hash (VER=V3): 'c76d612c'
Sun Mar 7 00:57:10 2004 9: UDPv4 link local (bound): [undef]:5000
Sun Mar 7 00:57:10 2004 10: UDPv4 link remote: 82.112.45.33:5000
Sun Mar 7 00:57:10 2004 11: TLS: tls_pre_decrypt: first response to initial packet from 82.112.45.33:5000, sid=9e90ae94 4f269873
Sun Mar 7 00:57:10 2004 12: Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sun Mar 7 00:57:10 2004 13: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Mar 7 00:57:10 2004 14: VERIFY OK: depth=1
Sun Mar 7 00:57:10 2004 15: VERIFY ERROR: depth=0, error=certificate is not yet valid
Sun Mar 7 00:57:10 2004 16: TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
De "belangrijkste.." melding :
error=certificate is not yet valid
Misschien kan ik niet lezen of snap ik het gewoon niet
Hoe krijg ik dat certificaat naar de status "yet valid".....