centos - Unable to connect because your certificate is not yet valid. Check that your system time is correct - Server Fault
to customize your list.
Server Fault is a question and answer site for system and network administrators. It's 100% free, no registration required.
Here's how it works:
Anybody can ask a question
Anybody can answer
The best answers are voted up and rise to the top
I do not know what I did wrong. My time is correct, I even updated it from Microsoft.
Client config:
tls-client
remote xx.xxx.xxx.xxx 80
resolv-retry infinite
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
persist-key
persist-tun
reneg-sec 0
route-method exe
route-delay 2
auth-user-pass
Server config:
local xx.xxx.xxx.xxx
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/easy-rsa/2.0/keys/server.crt
key /etc/openvpn/easy-rsa/2.0/keys/server.key
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
plugin /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so /etc/pam.d/login
client-cert-not-required
username-as-common-name
server 10.8.0.0 255.255.0.0
push "redirect-gateway def1"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
persist-key
persist-tun
#status /etc/openvpn/logs/serverstatus-tcp.log
#log /etc/openvpn/logs/serverlog-tcp.log
duplicate-cn
#Limit server to a maximum of n concurrent clients.
max-clients 15
keepalive 20 300
Certificate
Certificate:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=PH, ST=Benguet, L=Baguio City, O=company, OU=section, CN=skyflakes/name=none/emailAddress=none
Not Before: Aug
8 09:08:14 2011 GMT
Not After : Aug
5 09:08:14 2021 GMT
Subject: C=PH, ST=Benguet, L=Baguio City, O=company, OU=section, CN=server/name=none/emailAddress=none
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
00:cc:da:98:30:45:5b:45:1b:fb:19:dc:60:8a:07:
c1:f3:cd:0c:83:e2:a3:79:7a:5d:94:75:c9:7b:25:
30:36:c3:d9:51:f5:96:da:78:cf:d9:07:45:48:a6:
73:28:72:c4:bd:55:18:58:3e:f1:d4:a5:c3:1c:9b:
1c:22:c6:20:5e:c1:bb:14:d3:aa:f0:54:82:37:f6:
a1:47:75:75:a6:b4:a8:a7:d2:48:b8:f2:a0:ae:d0:
5d:1a:56:db:5e:b1:08:d9:d3:df:d5:56:ac:0b:0e:
39:0a:0c:6e:40:51:08:5e:c0:ae:32:85:a9:24:8f:
85:09:ff:72:16:26:e0:7e:cb
Exponent: 601)
X509v3 extensions:
X509v3 Basic Constraints:
Netscape Cert Type:
SSL Server
Netscape Comment:
Easy-RSA Generated Server Certificate
X509v3 Subject Key Identifier:
17:33:2D:C1:E5:F9:D0:AB:14:26:19:E5:C8:DC:BA:8E:D6:2C:81:01
X509v3 Authority Key Identifier:
keyid:AA:67:18:6E:E4:40:97:79:FC:52:78:ED:D1:30:C4:91:87:DC:24:58
DirName:/C=PH/ST=Benguet/L=Baguio City/O=company/OU=section/CN=skyflakes/name=none/emailAddress=none
serial:8E:66:F7:71:7B:7C:8E:78
X509v3 Extended Key Usage:
TLS Web Server Authentication
X509v3 Key Usage:
Digital Signature, Key Encipherment
Signature Algorithm: sha1WithRSAEncryption
7e:cb:b2:73:3a:16:50:1a:88:e3:ad:e3:07:89:03:03:7b:42:
0f:67:52:29:67:31:c1:18:aa:70:5a:bc:cf:4a:40:4b:41:c2:
1b:08:cc:03:a5:70:ac:2b:bd:86:fb:c0:ec:99:eb:fb:cc:fc:
99:e4:ea:a2:c0:59:66:a0:c6:22:4e:3e:43:20:87:e2:4e:48:
d9:f4:9b:8e:f1:4b:e1:f0:7d:55:d6:85:ad:d1:70:7d:59:42:
58:d4:21:22:9b:51:09:bb:e0:e8:05:75:1a:4c:a9:1d:a3:57:
fd:77:57:70:5b:4c:36:4f:99:73:c8:4d:eb:d3:5b:d1:38:ca:
-----BEGIN CERTIFICATE-----
MIIEVTCCA76gAwIBAgIBATANBgkqhkiG9w0BAQUFADCBrzELMAkGA1UEBhMCUEgx
EDAOBgNVBAgTB0Jlbmd1ZXQxFDASBgNVBAcTC0JhZ3VpbyBDaXR5MRAwDgYDVQQK
Ewdjb21wYW55MRAwDgYDVQQLEwdzZWN0aW9uMRIwEAYDVQQDEwlza3lmbGFrZXMx
GTAXBgNVBCkTEEpvaG4gQ3lydXMgRGF2aWQxJTAjBgkqhkiG9w0BCQEWFmFwYXRo
ZXRpYzAxMkBnbWFpbC5jb20wHhcNMTEwODA4MDkwODE0WhcNMjEwODA1MDkwODE0
WjCBrDELMAkGA1UEBhMCUEgxEDAOBgNVBAgTB0Jlbmd1ZXQxFDASBgNVBAcTC0Jh
Z3VpbyBDaXR5MRAwDgYDVQQKEwdjb21wYW55MRAwDgYDVQQLEwdzZWN0aW9uMQ8w
DQYDVQQDEwZzZXJ2ZXIxGTAXBgNVBCkTEEpvaG4gQ3lydXMgRGF2aWQxJTAjBgkq
hkiG9w0BCQEWFmFwYXRoZXRpYzAxMkBnbWFpbC5jb20wgZ8wDQYJKoZIhvcNAQEB
BQADgY0AMIGJAoGBAMzamDBFW0Ub+xncYIoHwfPNDIPio3l6XZR1yXslMDbD2VH1
ltp4z9kHRUimcyhyxL1VGFg+8dSlwxybHCLGIF7BuxTTqvBUgjf2oUd1daa0qKfS
SLjyoK7QXRpW216xCNnT39VWrAsOOQoMbkBRCF7ArjKFqSSPhQn/chYm4H7LAgMB
AAGjggGAMIIBfDAJBgNVHRMEAjAAMBEGCWCGSAGG+EIBAQQEAwIGQDA0BglghkgB
hvhCAQ0EJxYlRWFzeS1SU0EgR2VuZXJhdGVkIFNlcnZlciBDZXJ0aWZpY2F0ZTAd
BgNVHQ4EFgQUFzMtweX50KsUJhnlyNy6jtYsgQEwgeQGA1UdIwSB3DCB2YAUqmcY
buRAl3n8Unjt0TDEkYfcJFihgbWkgbIwga8xCzAJBgNVBAYTAlBIMRAwDgYDVQQI
EwdCZW5ndWV0MRQwEgYDVQQHEwtCYWd1aW8gQ2l0eTEQMA4GA1UEChMHY29tcGFu
eTEQMA4GA1UECxMHc2VjdGlvbjESMBAGA1UEAxMJc2t5Zmxha2VzMRkwFwYDVQQp
ExBKb2huIEN5cnVzIERhdmlkMSUwIwYJKoZIhvcNAQkBFhZhcGF0aGV0aWMwMTJA
Z21haWwuY29tggkAjmb3cXt8jngwEwYDVR0lBAwwCgYIKwYBBQUHAwEwCwYDVR0P
BAQDAgWgMA0GCSqGSIb3DQEBBQUAA4GBAH7LsnM6FlAaiOOt4weJAwN7Qg9nUiln
McEYqnBavM9KQEtBwhsIzAOlcKwrvYb7wOyZ6/vM/Jnk6qLAWWagxiJOPkMgh+JO
SNn0m47xS+HwfVXWha3RcH1ZQljUISKbUQm74OgFdRpMqR2jV/13V3BbTDZPmXPI
TevTW9E4yrDY
-----END CERTIFICATE-----
79.2k790169
I'm reading your question at 0939BST on 08.08.2011, which is 0839GMT 08.08.2011, and it says you wrote the question some 9 hours ago.
That certificate says its validity is "Not Before: Aug
8 09:08:14 2011 GMT", so it's not going to be valid for another 29 minutes yet, and it wasn't yet valid when you wrote the question.
Wait half a it's perfectly possible that everybody's clocks are correct, and that the error message means exactly what it says!
51.4k593151
I had this problem too... Check and update the date/time on both client and server. In my case the server clock was NOT correct when the certificate was created. You may either wait until the certificate become valid -- OR -- correct the clock (date and time) on server, then DELETE old certificates and RE-ISSUE all certificates.
Even if the time reads correct, verify that the time-zone is correct.
I've had this bite me in the past (though not when using NTP) and it is pretty easy to correct if you have a time source.
On Ubuntu the tool to change the time-zone system-wide is tzselect, and you can edit the display time zone on a short-term or personal basis using the TZ environment variable.
To display the current time zone:
The system time zone:
cat /etc/timezone
Your Answer
Sign up or
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Post as a guest
By posting your answer, you agree to the
Not the answer you're looking for?
Browse other questions tagged
Upcoming Events
Server Fault works best with JavaScript enabled