Hi Oli,

Nice, thanks. Will the whiterabbitsecurity/openxpki3:latest docker image also be updated?

Best regards,
Jeroen

From: Oliver Welter <[email protected]>
Sent: Wednesday, 9 March 2022 08:41
To: [email protected]
Subject: Re: [OpenXPKI-users] enroll certificate with auto_revoke_existing_certs option

Hi Jeroen,

this is a bug caused by a regression problem by an underlying library - we will ship an updated package by the end of the week latest.

Oli

On 08.03.22 at 15:54, Jeroen Lamain via OpenXPKI-users wrote:

Hi all,

I'm using EST to enroll a new certificate. That works OK.

After the first certificate, for testing purposes, I'm trying to enroll a new certificate with an already used Common Name. (The common name is filled in with a unique device id.)

When using these options it works as expected, i.e. it generates a "400 Bad Request" mentioning that a certificate for that CN already exists:

    max_active_certs:1
    auto_revoke_existing_certs:0

However, when using these options:

    max_active_certs:1
    auto_revoke_existing_certs:1

The EST endpoint returns a 500 Unexpected Response from backend. The new certificate is correctly issued (but not returned).

Apparently, it started to revoke the old certificate, but 'crashed': I get an error revoking the previous certificate:

    2022/03/08 15:19:47 openxpki.application.WARN I18N_OPENXPKI_UI_ERROR_VALIDATOR_INVALIDITYTIME_INVALID_IDENTIFIER [pid=106|user=Anonymous|role=System|sid=BL+J|wftype=certificate_revocation_request_v2|wfid=8703]
    2022/03/08 15:19:47 OpenXPKI.Server.Workflow.ERROR Caught exception from action: I18N_OPENXPKI_UI_ERROR_VALIDATOR_INVALIDITYTIME_INVALID_IDENTIFIER; reset workflow to old state 'REVOKE_CERTS_ENROLL_GET_NEXT_CERT_TO_REVOKE_0' [pid=106|user=Anonymous|role=System|sid=BL+J|wftype=certificate_revocation_request_v2|wfid=8703]
    2022/03/08 15:19:47 openxpki.workflow.DEBUG Executing database ROLLBACK (requested by workflow engine) [pid=106|user=Anonymous|role=System|sid=BL+J|wftype=certificate_revocation_request_v2|wfid=8703]

When looking in the UI, the message suggests that the certificate ID is incorrect, but when I look in the workflow context, the certificate IDs point to the correct IDs (cert_identifier to the new, revoke_cert_identifier to the old), and they can be clicked. According to the logs, the problem has something to do with "INVALIDITYTIME" though.

Note that it is possible to 'manually' revoke the certificate using the UI.

How can I solve/debug this error?

Best regards,
Jeroen

_______________________________________________
OpenXPKI-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openxpki-users

--
Protect your environment - close windows and adopt a penguin!
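An added example, not part of the original thread and not OpenXPKI code: a small Python triage script that parses log entries in the layout quoted above and reports each workflow whose action raised an exception and was then rolled back. The line layout is inferred only from the three quoted entries, and the function names are hypothetical.

```python
import re

# Constructed sample: the three log entries quoted in the thread.
SAMPLE_LOG = """\
2022/03/08 15:19:47 openxpki.application.WARN I18N_OPENXPKI_UI_ERROR_VALIDATOR_INVALIDITYTIME_INVALID_IDENTIFIER [pid=106|user=Anonymous|role=System|sid=BL+J|wftype=certificate_revocation_request_v2|wfid=8703]
2022/03/08 15:19:47 OpenXPKI.Server.Workflow.ERROR Caught exception from action: I18N_OPENXPKI_UI_ERROR_VALIDATOR_INVALIDITYTIME_INVALID_IDENTIFIER; reset workflow to old state 'REVOKE_CERTS_ENROLL_GET_NEXT_CERT_TO_REVOKE_0' [pid=106|user=Anonymous|role=System|sid=BL+J|wftype=certificate_revocation_request_v2|wfid=8703]
2022/03/08 15:19:47 openxpki.workflow.DEBUG Executing database ROLLBACK (requested by workflow engine) [pid=106|user=Anonymous|role=System|sid=BL+J|wftype=certificate_revocation_request_v2|wfid=8703]
"""

# Assumed layout: "<date> <time> <facility>.<LEVEL> <message> [k=v|k=v|...]"
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) "
    r"(?P<facility>\S+)\.(?P<level>[A-Z]+) "
    r"(?P<msg>.*) \[(?P<ctx>[^\]]*)\]$"
)
RESET_RE = re.compile(
    r"Caught exception from action: (?P<code>[^;\s]+); "
    r"reset workflow to old state '(?P<state>[^']+)'"
)

def parse_line(line):
    """Split one log entry into fields; return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["ctx"] = dict(kv.split("=", 1) for kv in rec["ctx"].split("|") if "=" in kv)
    return rec

def failed_workflows(log_text):
    """Map wfid -> details for workflows that raised and were reset."""
    found = {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or "wfid" not in rec["ctx"]:
            continue  # unparsable line or entry outside a workflow
        wfid = rec["ctx"]["wfid"]
        m = RESET_RE.search(rec["msg"])
        if m:
            found[wfid] = {"ts": rec["ts"], "wftype": rec["ctx"].get("wftype"),
                           "error": m["code"], "state": m["state"],
                           "rolled_back": False}
        elif wfid in found and "Executing database ROLLBACK" in rec["msg"]:
            found[wfid]["rolled_back"] = True
    return found

if __name__ == "__main__":
    for wfid, info in failed_workflows(SAMPLE_LOG).items():
        print(wfid, info)
```
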
