If the host which is used to sign the certificate is having a timestamp which is lesser than GMT, the certificate can be used only after some time. The reason is openssl uses current time and add timezone as GMT.
Tag: openssl
How to make openssl non interactive while signing a certificate.
Use -batch option
e.g:-
openssl ca -batch -config "$CONF" -out "$BOXCERT" -infiles "$CSRFILE"
Website where you can find the OpenSSL key encryption and encryption name mapping to cipher suite.