Closed luckypoem closed 5 years ago
Hi,
If the client shows Verification error for certificate: <nil>, that means that verification of the remote certificate was successful (no error). The client connection is working correctly.
Are you sure blogspot was online at the time?
If you check your IP in Firefox (using https://www.whatismyip.com or similar), are you on your home IP or your VPS IP? That is what matters.
hi.
bogon:subnet brite$ sudo subnet -gw 182.168.69.1 -network 182.168.69.4/24 -cert client.certPEM -key client.keyPEM -ca ca.certPEM my-vps-ip
2018/09/23 12:29:53 Created iface utun1
2018/09/23 12:29:56 Remote presented certificate 2087385896096648852 with time bounds (2018-03-21 04:56:31 +0000 UTC-2018-09-21 04:56:31 +0000 UTC). Verification error for certificate: Certificate expired or used too soon
2018/09/23 12:29:56 subnet.NewClient() err: Certificate expired or used too soon
bogon:subnet brite$
How to fix "Certificate expired or used too soon"? Thanks a lot.
I checked the commands: subnet --mode init-server-certs --cert server.certPEM --key server.keyPEM --ca ca.certPEM --ca_key ca.keyPEM
subnet --mode server --key server.keyPEM --cert server.certPEM --ca ca.certPEM --network 182.168.69.1/24
Both commands don't specify the expiry date of the certificates, so why did I encounter the hint "Certificate expired"?
Looking at the code that generates the certificate: https://github.com/twitchyliquid64/subnet/blob/master/subnet/cert/gen.go#L81
It appears I accidentally put the expiry silently at 6 months. I think this applies to both the CA cert and the server cert.
Sorry about this, my mistake. If both the CA cert and the server cert are expired, you will need to generate them both again.
I'm going to change this to 1 year, and make a print message to indicate the expiry.
Hi. Still not working. I removed subnet from /root/go/gopath/bin/, and reinstalled subnet with the command: go get -u -v github.com/twitchyliquid64/subnet in /root/go/gopath/,
on the Linux VPS, I removed all the cert and key files, and re-ran: subnet --mode init-server-certs --cert server.certPEM --key server.keyPEM --ca ca.certPEM --ca_key ca.keyPEM
and subnet --mode make-client-cert --ca ca.certPEM --ca_key ca.keyPEM client.certPEM client.keyPEM
Then I removed ca.certPEM, client.certPEM, client.keyPEM from my Mac, and re-downloaded ca.certPEM, client.certPEM, client.keyPEM from the VPS to my Mac.
Then:
bogon:subnet yuming$ sudo subnet -gw 182.168.69.1 -network 182.168.69.4/24 -cert client.certPEM -key client.keyPEM -ca ca.certPEM my-vps-ip
2018/09/25 06:42:02 Created iface utun1
2018/09/25 06:42:10 Remote presented certificate 8109303859703935876 with time bounds (2018-09-25 10:22:32 +0000 UTC-2019-09-25 10:22:32 +0000 UTC). Verification error for certificate: Certificate expired or used too soon
2018/09/25 06:42:10 subnet.NewClient() err: Certificate expired or used too soon
bogon:subnet brite$
How to fix it?
Are your clocks correct on both systems?
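A check for the two causes behind the "Certificate expired or used too soon" message in the logs above, as an added example (not part of the thread and not code from the subnet project): Go's crypto/x509 reports a not-yet-valid and an expired certificate with the same x509.Expired reason, so the function compares the clock reading against NotBefore/NotAfter to say which one applies. The names selfSigned and diagnose are hypothetical, the certificate is constructed with the time bounds from the second log, and reading the client's 06:42:10 log timestamp as UTC is an assumption.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"fmt"
	"math/big"
	"time"
)

// selfSigned builds a throwaway self-signed certificate with the given bounds.
func selfSigned(notBefore, notAfter time.Time) (*x509.Certificate, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: notBefore, NotAfter: notAfter}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// diagnose verifies cert as of the clock reading now and names the bound it missed.
func diagnose(cert *x509.Certificate, now time.Time) string {
	roots := x509.NewCertPool()
	roots.AddCert(cert)
	_, err := cert.Verify(x509.VerifyOptions{Roots: roots, CurrentTime: now})
	switch inv, isInv := err.(x509.CertificateInvalidError); {
	case err == nil:
		return "ok"
	case !isInv || inv.Reason != x509.Expired:
		return "other: " + err.Error()
	case now.Before(cert.NotBefore): // crypto/x509 reports this as Expired too
		return fmt.Sprintf("not yet valid: clock is %s behind NotBefore", cert.NotBefore.Sub(now))
	}
	return fmt.Sprintf("expired: clock is %s past NotAfter", now.Sub(cert.NotAfter))
}

func main() {
	nb := time.Date(2018, 9, 25, 10, 22, 32, 0, time.UTC) // NotBefore from the log above
	cert, err := selfSigned(nb, nb.AddDate(1, 0, 0))
	if err != nil {
		panic(err)
	}
	skewed := time.Date(2018, 9, 25, 6, 42, 10, 0, time.UTC) // assumption: log timestamp read as UTC
	fmt.Println(diagnose(cert, skewed), "|", diagnose(cert, nb.Add(time.Hour)), "|", diagnose(cert, nb.AddDate(2, 0, 0)))
}
```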
Hello. Now it's OK, my Mac's clock isn't correct.
Now it's not OK again. I ran the client command, it shows: ... Traffic to my-vps-ip now routed via 192.168.1.1 on en0
and also ran: networksetup -setdnsservers "Wi-Fi" "Empty" && networksetup -setdnsservers "Wi-Fi" 8.8.8.8
But I just can't open any website in Chrome. At the bottom left corner of the Chrome window, there is a hint: resolving host...
It always shows "resolving host...", but I just can't open any website in Chrome. Why? How to fix it?
Next time it happens try to ping your VPS IP, and try pinging 8.8.8.8 & google.com.
If VPS works but not the others, IP forwarding is not working on your VPS (remember the command to enable it).
If VPS & 8.8.8.8 work but not google.com, your DNS resolver is not working.
If none work, there is something wrong with your connection or subnet.
I see, I restarted the VPS but forgot to run "iptables -t nat -A POSTROUTING -j MASQUERADE". Now it's OK.
Hi. After I run: sudo subnet -gw 182.168.69.1 -network 182.168.69.4/24 -cert client.certPEM -key client.keyPEM -ca ca.certPEM server-ip
it shows:
2018/02/27 16:50:53 Created iface utun1
2018/02/27 16:50:54 Remote presented certificate 8947204077936876025 with time bounds (2018-02-27 06:47:34 +0000 UTC-2018-08-27 05:47:34 +0000 UTC). Verification error for certificate:
2018/02/27 16:50:54 IP of utun1 set to 182.168.69.4, localNetMask 255.255.255.0
2018/02/27 16:50:54 Default gateway is 192.168.1.1 on en0
2018/02/27 16:50:54 Traffic to my-vps-ip now routed via 192.168.1.1 on en0)
There are such words above: "Verification error for certificate:"
In China, when I then open Firefox, sometimes I can't visit some blogspot.com sites. Why? Is it because of "Verification error for certificate:"?
How to fix it? Thanks.