Verify error:certificate has expired
Question
# swupdate -l 5 -H x70:1.0 -k /etc/swupdate/x70.cert.pem -i ./V1.0.4-20231010.02
28.T40N.X70.OTA.swu
[TRACE] : SWUPDATE running : [load_cert_chain] : Read PEM #1: /O=Haier /CN=60SVF /O=Haier /CN=60SVF
Swupdate v2021.11 (Buildroot -g19b7c4c1)
Licensed under GPLv2. See source distribution for detailed copyright notices.
[INFO ] : SWUPDATE running : [main] : Running on x70 Revision 1.0
[INFO ] : SWUPDATE running : [print_registered_handlers] : Registered handlers:
[INFO ] : SWUPDATE running : [print_registered_handlers] : dummy
[INFO ] : SWUPDATE running : [print_registered_handlers] : uboot
[INFO ] : SWUPDATE running : [print_registered_handlers] : bootloader
[INFO ] : SWUPDATE running : [print_registered_handlers] : flash
[INFO ] : SWUPDATE running : [print_registered_handlers] : raw
[INFO ] : SWUPDATE running : [print_registered_handlers] : rawfile
[INFO ] : SWUPDATE running : [print_registered_handlers] : rawcopy
[TRACE] : SWUPDATE running : [listener_create] : creating socket at /tmp/swupdateprog
[TRACE] : SWUPDATE running : [network_initializer] : Main loop daemon
[TRACE] : SWUPDATE running : [listener_create] : creating socket at /tmp/sockinstctrl
[TRACE] : SWUPDATE running : [network_thread] : Incoming network request: processing...
[INFO ] : SWUPDATE started : Software Update started !
[TRACE] : SWUPDATE running : [network_initializer] : Software update started
[TRACE] : SWUPDATE running : [extract_file_to_tmp] : Found file
[TRACE] : SWUPDATE running : [extract_file_to_tmp] : filename sw-description
[TRACE] : SWUPDATE running : [extract_file_to_tmp] : size 573
[TRACE] : SWUPDATE running : [extract_file_to_tmp] : Found file
[TRACE] : SWUPDATE running : [extract_file_to_tmp] : filename sw-description.sig
[TRACE] : SWUPDATE running : [extract_file_to_tmp] : size 2098
2005910768:error:2E099064:CMS routines:cms_signerinfo_verify_cert:certificate verify error:crypto/cms/cms_smime.c:253:Verify error:certificate has expired
[ERROR] : SWUPDATE failed [0] ERROR corelib/swupdate_cms_verify.c : swupdate_verify_file : 273 : Signature verification failed
[ERROR] : SWUPDATE failed [0] ERROR core/stream_interface.c : extract_files : 165 : Compatible SW not found
[ERROR] : SWUPDATE failed [1] Image invalid or corrupted. Not installing ...
[TRACE] : SWUPDATE running : [network_initializer] : Main thread sleep again !
[INFO ] : No SWUPDATE running : Waiting for requests...
[INFO ] : SWUPDATE running : [endupdate] : Swupdate *failed* !2005910768:error:2E099064:CMS routines:cms_signerinfo_verify_cert:certificate verify error:crypto/cms/cms_smime.c:253:Verify error:certificate has expiredopenssl x509 -enddate -noout -in x70.cert.pem
notAfter=Sep 6 07:58:25 2023 GMTAnswer
Make expiration date longer
if [ ! -f "$BOARD_DIR"/cert/"$BOARD_NAME".cert.pem ]; then
openssl req -x509 -newkey rsa:4096 -nodes \
-keyout "$BOARD_DIR"/cert/"$BOARD_NAME".key.pem \
-out "$BOARD_DIR"/cert/"$BOARD_NAME".cert.pem \
-subj "/O=Haier /CN=${BOARD_NAME^^}" -days 36500
fi