服务器 Gind.cn
  1. 服务器 Gind.cn
  3. 无法连接,因为您的证书尚未有效。 检查你的系统时间是否正确
Intereting Posts
运行额外的terminal服务会话需要哪些Windows许可证 刷新日历上的鱿鱼caching 在Windows 2008 64位IIS 7上安装PHP MSSQL驱动程序 – 无法加载dynamic库 debugging端口转发以远程使用Jupyter笔记本 在Debian Lenny上奇怪的ifup / ifdown行为 使用桥接(tapped?)networking运行两个Ubuntu KVM虚拟机 如何在运行Ubuntu的Dell Mini9上调整鼠标灵敏度? 服务器的证书与主机名在同一台服务器上的多个域不匹配 Cisco 3925的救援configuration 为什么DU会导致高CPU使用率? 从另一个networking到达机器(将RDP连接到同一networking中的另一台机器) 我如何certificate一个Web服务器和网站正在工作? 什么文件是IIScaching? 如何安全地在DigitalOcean上的Kubernetes(或类似的)上存储数据和数据库 将多个主设备复制到单个从服务器

无法连接,因为您的证书尚未有效。 检查你的系统时间是否正确

我不知道我做错了什么。 我的时间是正确的,我甚至从微软更新了它。

客户端configuration: 

tls-client client dev tun proto udp remote xx.xxx.xxx.xxx 80 resolv-retry infinite nobind tun-mtu 1500 tun-mtu-extra 32 mssfix 1450 persist-key persist-tun comp-lzo verb 3 reneg-sec 0 route-method exe route-delay 2 ca ca.crt auth-user-pass

服务器configuration: 

 local xx.xxx.xxx.xxx port 80 proto udp dev tun tun-mtu 1500 tun-mtu-extra 32 mssfix 1450 ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt cert /etc/openvpn/easy-rsa/2.0/keys/server.crt key /etc/openvpn/easy-rsa/2.0/keys/server.key dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem plugin /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so /etc/pam.d/login client-cert-not-required username-as-common-name server 10.8.0.0 255.255.0.0 push "redirect-gateway def1" push "dhcp-option DNS 8.8.8.8" push "dhcp-option DNS 8.8.4.4" comp-lzo persist-key persist-tun #status /etc/openvpn/logs/serverstatus-tcp.log #log /etc/openvpn/logs/serverlog-tcp.log verb 3 float duplicate-cn #Limit server to a maximum of n concurrent clients. max-clients 15 keepalive 20 300

证书 

 Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: sha1WithRSAEncryption Issuer: C=PH, ST=Benguet, L=Baguio City, O=company, OU=section, CN=skyflakes/name=none/emailAddress=none Validity Not Before: Aug 8 09:08:14 2011 GMT Not After : Aug 5 09:08:14 2021 GMT Subject: C=PH, ST=Benguet, L=Baguio City, O=company, OU=section, CN=server/name=none/emailAddress=none Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (1024 bit) Modulus (1024 bit): 00:cc:da:98:30:45:5b:45:1b:fb:19:dc:60:8a:07: c1:f3:cd:0c:83:e2:a3:79:7a:5d:94:75:c9:7b:25: 30:36:c3:d9:51:f5:96:da:78:cf:d9:07:45:48:a6: 73:28:72:c4:bd:55:18:58:3e:f1:d4:a5:c3:1c:9b: 1c:22:c6:20:5e:c1:bb:14:d3:aa:f0:54:82:37:f6: a1:47:75:75:a6:b4:a8:a7:d2:48:b8:f2:a0:ae:d0: 5d:1a:56:db:5e:b1:08:d9:d3:df:d5:56:ac:0b:0e: 39:0a:0c:6e:40:51:08:5e:c0:ae:32:85:a9:24:8f: 85:09:ff:72:16:26:e0:7e:cb Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: CA:FALSE Netscape Cert Type: SSL Server Netscape Comment: Easy-RSA Generated Server Certificate X509v3 Subject Key Identifier: 17:33:2D:C1:E5:F9:D0:AB:14:26:19:E5:C8:DC:BA:8E:D6:2C:81:01 X509v3 Authority Key Identifier: keyid:AA:67:18:6E:E4:40:97:79:FC:52:78:ED:D1:30:C4:91:87:DC:24:58 DirName:/C=PH/ST=Benguet/L=Baguio City/O=company/OU=section/CN=skyflakes/name=none/emailAddress=none serial:8E:66:F7:71:7B:7C:8E:78 X509v3 Extended Key Usage: TLS Web Server Authentication X509v3 Key Usage: Digital Signature, Key Encipherment Signature Algorithm: sha1WithRSAEncryption 7e:cb:b2:73:3a:16:50:1a:88:e3:ad:e3:07:89:03:03:7b:42: 0f:67:52:29:67:31:c1:18:aa:70:5a:bc:cf:4a:40:4b:41:c2: 1b:08:cc:03:a5:70:ac:2b:bd:86:fb:c0:ec:99:eb:fb:cc:fc: 99:e4:ea:a2:c0:59:66:a0:c6:22:4e:3e:43:20:87:e2:4e:48: d9:f4:9b:8e:f1:4b:e1:f0:7d:55:d6:85:ad:d1:70:7d:59:42: 58:d4:21:22:9b:51:09:bb:e0:e8:05:75:1a:4c:a9:1d:a3:57: fd:77:57:70:5b:4c:36:4f:99:73:c8:4d:eb:d3:5b:d1:38:ca: b0:d8 -----BEGIN CERTIFICATE----- MIIEVTCCA76gAwIBAgIBATANBgkqhkiG9w0BAQUFADCBrzELMAkGA1UEBhMCUEgx EDAOBgNVBAgTB0Jlbmd1ZXQxFDASBgNVBAcTC0JhZ3VpbyBDaXR5MRAwDgYDVQQK Ewdjb21wYW55MRAwDgYDVQQLEwdzZWN0aW9uMRIwEAYDVQQDEwlza3lmbGFrZXMx GTAXBgNVBCkTEEpvaG4gQ3lydXMgRGF2aWQxJTAjBgkqhkiG9w0BCQEWFmFwYXRo ZXRpYzAxMkBnbWFpbC5jb20wHhcNMTEwODA4MDkwODE0WhcNMjEwODA1MDkwODE0 WjCBrDELMAkGA1UEBhMCUEgxEDAOBgNVBAgTB0Jlbmd1ZXQxFDASBgNVBAcTC0Jh Z3VpbyBDaXR5MRAwDgYDVQQKEwdjb21wYW55MRAwDgYDVQQLEwdzZWN0aW9uMQ8w DQYDVQQDEwZzZXJ2ZXIxGTAXBgNVBCkTEEpvaG4gQ3lydXMgRGF2aWQxJTAjBgkq hkiG9w0BCQEWFmFwYXRoZXRpYzAxMkBnbWFpbC5jb20wgZ8wDQYJKoZIhvcNAQEB BQADgY0AMIGJAoGBAMzamDBFW0Ub+xncYIoHwfPNDIPio3l6XZR1yXslMDbD2VH1 ltp4z9kHRUimcyhyxL1VGFg+8dSlwxybHCLGIF7BuxTTqvBUgjf2oUd1daa0qKfS SLjyoK7QXRpW216xCNnT39VWrAsOOQoMbkBRCF7ArjKFqSSPhQn/chYm4H7LAgMB AAGjggGAMIIBfDAJBgNVHRMEAjAAMBEGCWCGSAGG+EIBAQQEAwIGQDA0BglghkgB hvhCAQ0EJxYlRWFzeS1SU0EgR2VuZXJhdGVkIFNlcnZlciBDZXJ0aWZpY2F0ZTAd BgNVHQ4EFgQUFzMtweX50KsUJhnlyNy6jtYsgQEwgeQGA1UdIwSB3DCB2YAUqmcY buRAl3n8Unjt0TDEkYfcJFihgbWkgbIwga8xCzAJBgNVBAYTAlBIMRAwDgYDVQQI EwdCZW5ndWV0MRQwEgYDVQQHEwtCYWd1aW8gQ2l0eTEQMA4GA1UEChMHY29tcGFu eTEQMA4GA1UECxMHc2VjdGlvbjESMBAGA1UEAxMJc2t5Zmxha2VzMRkwFwYDVQQp ExBKb2huIEN5cnVzIERhdmlkMSUwIwYJKoZIhvcNAQkBFhZhcGF0aGV0aWMwMTJA Z21haWwuY29tggkAjmb3cXt8jngwEwYDVR0lBAwwCgYIKwYBBQUHAwEwCwYDVR0P BAQDAgWgMA0GCSqGSIb3DQEBBQUAA4GBAH7LsnM6FlAaiOOt4weJAwN7Qg9nUiln McEYqnBavM9KQEtBwhsIzAOlcKwrvYb7wOyZ6/vM/Jnk6qLAWWagxiJOPkMgh+JO SNn0m47xS+HwfVXWha3RcH1ZQljUISKbUQm74OgFdRpMqR2jV/13V3BbTDZPmXPI TevTW9E4yrDY -----END CERTIFICATE-----

我在2011年8月8日0939BST(0839GMT 08.08.2011)上阅读了您的问题,并且说您在9小时前写下了这个问题。 该证书表示其有效期为“Not Before:Aug 8 09:08:14 2011 GMT”,所以这还不到29分钟有效,而且在你写这个问题的时候还没有有效。 等待半小时,然后再试一次; 每个人的时钟都是正确的,而且这个错误信息完全可能意味着它说了什么!

我也有这个问题…检查并更新客户端和服务器上的date/时间。 在我的情况下,创build证书时,服务器时钟不正确。 您可以等到证书有效 – 或者 – 更正服务器上的时钟(date和时间),然后删除旧证书,重新发送所有证书。

即使时间正确,请确认时区是否正确。 我曾经咬过我(虽然不是在使用NTP的时候),如果你有一个时间源,很容易纠正。 在Ubuntu上,更改系统时区的工具是tzselect,您可以使用TZ环境variables以短期或个人的方式编辑显示时区。

要显示当前时区:date+%Z

系统时区:cat / etc / timezone