Hi,
I have an issue with openssl. Basically I have a ca certificate which has expired and I have regenerated a new ca.cert from the ca.key file and I have concatenated the output of the new ca.crt file and ca-bundle.crt to a new ca-bundle.crt.
Have restarted apache, however I still get the message
Error 10 : certificate has expired.
Following are my config details
OS : Mandrake Linux release 9.1 (Bamboo) for i586
Apache : apache2-2.0.47-1.9.91mdk
Openssl : openssl-0.9.7a-1.3.91mdk
My updated ca.cert file has the following validity
[root@Server1 root]# openssl x509 -in /etc/ssl/ca/ca.crt -noout -text | grep -A2 -i valid
Validity
Not Before: Apr 28 09:23:45 2014 GMT
Not After : Apr 25 09:23:45 2025 GMT
And the ca-bundle has the following validity
[root@Server1 root]# openssl x509 -in /etc/ssl/ca/ca-bundle.crt -noout -text | grep -A2 -i valid
Validity
Not Before: Aug 6 08:19:21 2003 GMT
Not After : Aug 3 08:19:21 2014 GMT
When I verify a certificate which was signed by the CA ( prior to expiry ) I get the following error
[root@Server1 root]# openssl verify -CAfile /etc/ssl/ca/ca-bundle.crt -verbose /etc/ssl/apache/downweb1.crt
/etc/ssl/apache/downweb1.crt: /C=XX/ST=YYYY/L=abc/O=ACME International/OU=Sales/CN=SALES CA/emailAddress=bogus@sales.in
error 10 at 1 depth lookup:certificate has expired
OK
Any idea how to renew an expired CA bundle.
Thanks in advance