June 8th, 2011

I’m trying to set up an OpenVPN and ran into SSL errors when I tried to connect. So I looked at the errors at the server:

TLS Error: TLS handshake failed

Not that helpful, so I looked at the client log:

TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

But something interesting caught my eye, further down the error log there’s something like:

VERIFY ERROR: depth=1, error=certificate is not yet valid

Not YET??? valid? So I checked the cert on the server:

openssl verify -CAfile ca.crt -purpose sslclient client.crt
client.crt: OK

Now the same on the client:

openssl verify -CAfile ca.crt -purpose sslclient client.crt
error 9 at 1 depth lookup:certificate is not yet valid

That is where I realized what might have happened and looked at the date on both machines – guess what:

Server: Thu Jun  9 05:48:21 GMT 2011
Client: Wed Jun  8 18:03:04 CEST 2011

So I’ll wait till tomorrow . . . 😉
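The comparison made by hand above, as an added example that is not part of the original post: it reads each certificate's validity window and classifies it against a given clock, so running it on both machines shows which side disagrees (depth=1 in the verify error is the issuing CA certificate, so ca.crt is checked as well as client.crt). It assumes OpenSSL and GNU date; the function names are illustrative.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes OpenSSL and GNU date
# (`date -d`); the function names are illustrative.

# classify_validity NOT_BEFORE NOT_AFTER NOW   (all epoch seconds, UTC)
classify_validity() {
    if [ "$3" -lt "$1" ]; then
        echo "not-yet-valid: clock is $(( $1 - $3 ))s before notBefore"
    elif [ "$3" -gt "$2" ]; then
        echo "expired: clock is $(( $3 - $2 ))s past notAfter"
    else
        echo "valid"
    fi
}

# cert_epoch FILE startdate|enddate  -> that field as epoch seconds
cert_epoch() {
    when=$(openssl x509 -noout "-$2" -in "$1" 2>/dev/null | cut -d= -f2)
    # An empty string would make `date -d` return today, so reject it.
    [ -n "$when" ] && date -u -d "$when" +%s
}

# check_certs NOW FILE...  -> the clock in UTC, then one verdict per file
check_certs() {
    now=$1; shift
    echo "clock (UTC): $(date -u -d "@$now" '+%Y-%m-%d %H:%M:%S')"
    for f in "$@"; do
        if nb=$(cert_epoch "$f" startdate) && na=$(cert_epoch "$f" enddate); then
            echo "$f: $(classify_validity "$nb" "$na" "$now")"
        else
            echo "$f: cannot read certificate"
        fi
    done
}

# Usage, on the server and again on the client:
#   check_certs "$(date +%s)" ca.crt client.crt
```

Printing the clock in UTC avoids having to convert between the GMT and CEST outputs of `date` when comparing the two machines.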

Patches to major browsers indicate compromised certificate authority

March 23rd, 2011

This is some very disturbing news – erm – if I think of it – not really . . .
As it seems, someone managed to compromise a larger CA. So there are now unsafe certificates in the wild. At least Firefox 4 and Chrome seem to be aware of that - but I definitely advise reading the full article:

