Hello Oliver,

On 17.09.25 at 19:07, Oliver Welter wrote:
> Hello Wilhelm,
>
> well - that's quite obvious... You want to issue a certificate with a three year validity with a CA certificate that expires in less than 36 months - either issue a new CA generation or reduce your validity.
>
> best regards
> Oliver

Thank you. With openssl this is possible, so I assumed it was the same here. We're now one step further.

If we now try to "approve" a certificate in the GUI, we see only "Unable to load workflow information". The version is 3.32.8 on Debian 12.

catchall.log

2025/09/30 12:48:11 93854207 validate challenge using compare validation FAILED!
2025/09/30 12:49:20 openxpki.system.ERROR Invalid format given to detect; __VALIDITY__ => 3 [pid=235056|sid=r4c9]
2025/09/30 12:49:20 openxpki.application.ERROR NICE backend error: Invalid format given to detect; __VALIDITY__ => 6 [pid=235056|sid=r4c9]
2025/09/30 12:49:20 openxpki.application.WARN NICE issueCertificate failed but pause_on_error is requested [pid=235056|sid=r4c9]
2025/09/30 12:49:20 openxpki.system.ERROR Invalid format given to detect; __VALIDITY__ => 5 [pid=235056|sid=r4c9]
2025/09/30 12:49:20 OpenXPKI.Server.Workflow.ERROR Caught exception from action: Invalid format given to detect; __VALIDITY__ => 5; reset workflow to old state 'PREPARED' [pid=235056|sid=r4c9]
2025/09/30 12:49:20 openxpki.workflow.ERROR Workflow 93854207/certificate_enroll/PREPARED uncaught exception [pid=235056|sid=r4c9]
2025/09/30 12:49:20 openxpki.system.ERROR I18N_OPENXPKI_SERVER_WORKFLOW_ERROR_ON_EXECUTE; __ACTION__ => global_nice_issue_certificate, __ERROR__ => Invalid format given to detect; __VALIDITY__ => 5, __EXCEPTION__ => OpenXPKI::Exception [pid=235056|sid=r4c9]
2025/09/30 12:49:20 openxpki.workflow.ERROR Error executing workflow activity "enroll_approve_csr" on workflow id #93854207 (type "certificate_enroll"): I18N_OPENXPKI_SERVER_WORKFLOW_ERROR_ON_EXECUTE; __ACTION__ => global_nice_issue_certificate, __ERROR__ => Invalid format given to detect; __VALIDITY__ => 5, __EXCEPTION__ => OpenXPKI::Exception [pid=235056|sid=r4c9]

openxpki.log

2025/09/30 12:49:20 ERROR Workflow 93854207/certificate_enroll/PREPARED uncaught exception [pid=235056|sid=r4c9]
2025/09/30 12:49:20 ERROR I18N_OPENXPKI_SERVER_WORKFLOW_ERROR_ON_EXECUTE; __ACTION__ => global_nice_issue_certificate, __ERROR__ => Invalid format given to detect; __VALIDITY__ => 5, __EXCEPTION__ => OpenXPKI::Exception [pid=235056|sid=r4c9]
2025/09/30 12:49:20 ERROR Error executing workflow activity "enroll_approve_csr" on workflow id #93854207 (type "certificate_enroll"): I18N_OPENXPKI_SERVER_WORKFLOW_ERROR_ON_EXECUTE; __ACTION__ => global_nice_issue_certificate, __ERROR__ => Invalid format given to detect; __VALIDITY__ => 5, __EXCEPTION__ => OpenXPKI::Exception [pid=235056|sid=r4c9]

The format should be right (for 3 years):

validity:
    notafter: +03

I also tested 36 months, but this also has the same error message. This is a Test Server, maybe it's because we updated from 3.30.9 to 3.32.8?

# openxpkiadm alias list
=== functional token ===
ca-signer (certsign):
  Alias     : ca-signer-1
  Identifier: zAgyQtBU55W7lCvWASiu4bTclbQ
  NotBefore : 2025-09-29 14:27:05
  NotAfter  : 2033-09-02 14:27:05

ratoken (cmcra):
  Alias     : ratoken-2
  Identifier: 0Ho9uscxF6d91HUcaf-80eGikbw
  NotBefore : 2025-09-29 14:27:05
  NotAfter  : 2033-09-02 14:27:05

vault (datasafe):
  Alias     : vault-1
  Identifier: GNCCvr3lEwtow0tAt2itjP73FHU
  NotBefore : 2018-09-07 12:03:50
  NotAfter  : 2033-09-04 12:03:50

ratoken (scep):
  Alias     : ratoken-2
  Identifier: 0Ho9uscxF6d91HUcaf-80eGikbw
  NotBefore : 2025-09-29 14:27:05
  NotAfter  : 2033-09-02 14:27:05

=== root ca ===
current root ca:
  Alias     : root-1
  Identifier: SnqdqJAQPkXRkFxifGowf82LrFo
  NotBefore : 2018-09-07 12:03:49
  NotAfter  : 2033-09-04 12:03:49

upcoming root ca:
  not set

best regards,
Wilhelm

_______________________________________________
OpenXPKI-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openxpki-users
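
The rule from the quoted reply (a certificate cannot outlive the CA that signs it) can be checked against the `openxpkiadm alias list` output before changing a profile. The following is an added example, not part of the original message or of OpenXPKI; the function names are hypothetical, the listing is the signer excerpt posted above, and timestamps are compared as naive values (an assumption, since the listing gives no time zone).

```python
import re
from datetime import datetime

# Excerpt of the `openxpkiadm alias list` output posted in the message above.
ALIAS_LIST = """\
=== functional token ===
ca-signer (certsign):
  Alias     : ca-signer-1
  Identifier: zAgyQtBU55W7lCvWASiu4bTclbQ
  NotBefore : 2025-09-29 14:27:05
  NotAfter  : 2033-09-02 14:27:05
ratoken (scep):
  Alias     : ratoken-2
  Identifier: 0Ho9uscxF6d91HUcaf-80eGikbw
  NotBefore : 2025-09-29 14:27:05
  NotAfter  : 2033-09-02 14:27:05
"""

def parse_aliases(text):
    """Return {(group, type): {field: value}} from alias-list output."""
    tokens, current = {}, None
    for line in text.splitlines():
        head = re.match(r"^(\S+) \((\w+)\):\s*$", line)
        field = re.match(r"^\s*(Alias|Identifier|NotBefore|NotAfter)\s*:\s*(.+?)\s*$", line)
        if head:
            current = tokens.setdefault(head.groups(), {})
        elif field and current is not None:
            key, value = field.groups()
            if key.startswith("Not"):
                value = datetime.strptime(value, "%Y-%m-%d %H:%M:%S")
            current[key] = value
    return tokens

def add_years(moment, years):
    """Calendar-year addition; 29 Feb falls back to 28 Feb in non-leap years."""
    try:
        return moment.replace(year=moment.year + years)
    except ValueError:
        return moment.replace(year=moment.year + years, day=28)

def fits_signer(tokens, issue_time, years, token_type="certsign"):
    """True if a certificate issued at issue_time for `years` years lies
    entirely inside the validity window of the first token of token_type."""
    signer = next(v for (_, t), v in tokens.items() if t == token_type)
    end = add_years(issue_time, years)
    return signer["NotBefore"] <= issue_time and end <= signer["NotAfter"]
```

With the posted listing, a three-year certificate issued on 2025-09-30 ends inside the validity window of ca-signer-1, while an eight-year one would run past its NotAfter.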
