Measurements with RIPE Atlas show "Invalid date UTC"


#1

Hi,

first post, I hope i did not miss to find this topic. I just realized if you make SSL measurements with RIPE Atlas the certificates show “Invalid date UTC” at their validity. Is this a known error? Is it a problem with the certs, or is it a problem wit RIPE?

https://atlas.ripe.net/measurements/3834140/?lm3834140.start=1464090002&lm3834140.stop=1464090813&lm3834140.measurements=3834140&lm3834140.groups=AT,CA,US&lm3834140.groups-component=3834140M21782,21950L3834140M12124,14779,17620,20186,21126,22858L3834140M10356,10386,10413,10415,10458,10486&lm3834140.groups-type=multi-probes,multi-probes,multi-probes#!probes


#2

Checking the domain with other test systems they say everything is OK, so I suspect it’s an issue with the test at RIPE.


#3

Thank you very much!


#4

Yes, I suspect a fault with the code in the RIPE Atlas pages, probably not deep within RIPE Atlas itself but in some web code somewhere. The certificate passes the various X509v3 lint checks and looks fine by eye.

However note that the certificate currently used by thejester.at when I connected expires in two days - time to renew probably.


#5

huh! thanks, i really thought i did that already…


#6

You’re welcome.

The other thing I find slightly odd is that is confirms it is valid - but in the detail says the dates are not valid. If the dates were really not valid, then the certificate should not be valid.

It looks as if you did obtain a new cert on the 5th of this month, but aren’t using it.


#7

Indeed a new certificate was issued for thejester.at at the start of the month, but when I connected I was given an older certificate. That’s fine today, but by the weekend it will report an error.

Probably you renewed and then somehow the config was reverted or I saw a different copy. If you have load balancing, maybe one of the balanced servers has the old certificate. If you don’t, maybe a revert of some other change switched back to a predecessor cert?


#8

honestly, I guess I switched back to an old one when I rebuilt a backup. thanks to @tialaramex I created a new one.


#9

For the “Invalid date UTC” in the Atlas UI I see a lot of sample code on the web which does something equivalent to

if (timestampIsNotValid()) {
dateString = “Invalid date”
} else {
dateString = convertTimestampToDate()
}
dateString += " UTC"

And that code would definitely explain this weird message, without there being any actual problem except in the web UI stuff. Like somebody wrote a String into some JSON but somebody else expected a Unix seconds-since-epoch count, or vice versa. I’m sure RIPE has somebody who can look into what’s wrong.