Hi,

> Thank you. With openssl this is possible, so I assumed it was the same here. 
> We're now one step further.

OpenXPKI is an enterprise-grade trustcenter software, and its primary task is 
to implement and enforce sensible PKI policies. Its refusal to issue 
certificates which violate the RFC 5280 validity model is a good thing.

> If we now try to "approve" a certificate in the GUI, we see only "Unable to 
> load workflow information". The version is 3.32.8 on Debian 12.
> 
> catchall.log
> 2025/09/30 12:48:11 93854207 validate challenge using compare validation 
> FAILED!
> 2025/09/30 12:49:20 openxpki.system.ERROR Invalid format given to detect; 
> __VALIDITY__ => 3 [pid=235056|sid=r4c9]
> 2025/09/30 12:49:20 openxpki.application.ERROR NICE backend error: Invalid 
> format given to detect; __VALIDITY__ => 6 [pid=235056|sid=r4c9]
> 2025/09/30 12:49:20 openxpki.application.WARN NICE issueCertificate failed 
> but pause_on_error is requested [pid=235056|sid=r4c9]
> 2025/09/30 12:49:20 openxpki.system.ERROR Invalid format given to detect; 
> __VALIDITY__ => 5 [pid=235056|sid=r4c9]
> 2025/09/30 12:49:20 OpenXPKI.Server.Workflow.ERROR Caught exception from 
> action: Invalid format given to detect; __VALIDITY__ => 5; reset workflow to 
> old state 'PREPARED' [pid=235056|sid=r4c9]
> 2025/09/30 12:49:20 openxpki.workflow.ERROR Workflow 
> 93854207/certificate_enroll/PREPARED uncaught exception [pid=235056|sid=r4c9]
> 2025/09/30 12:49:20 openxpki.system.ERROR 
> I18N_OPENXPKI_SERVER_WORKFLOW_ERROR_ON_EXECUTE; __ACTION__ => 
> global_nice_issue_certificate, __ERROR__ => Invalid format given to detect; 
> __VALIDITY__ => 5, __EXCEPTION__ => OpenXPKI::Exception [pid=235056|sid=r4c9]
> 2025/09/30 12:49:20 openxpki.workflow.ERROR Error executing workflow activity 
> "enroll_approve_csr" on workflow id #93854207 (type "certificate_enroll"): 
> I18N_OPENXPKI_SERVER_WORKFLOW_ERROR_ON_EXECUTE; __ACTION__ => 
> global_nice_issue_certificate, __ERROR__ => Invalid format given to detect; 
> __VALIDITY__ => 5, __EXCEPTION__ => OpenXPKI::Exception [pid=235056|sid=r4c9]
> 
> openxpki.log
> 2025/09/30 12:49:20 ERROR Workflow 93854207/certificate_enroll/PREPARED 
> uncaught exception [pid=235056|sid=r4c9]
> 2025/09/30 12:49:20 ERROR I18N_OPENXPKI_SERVER_WORKFLOW_ERROR_ON_EXECUTE; 
> __ACTION__ => global_nice_issue_certificate, __ERROR__ => Invalid format 
> given to detect; __VALIDITY__ => 5, __EXCEPTION__ => OpenXPKI::Exception 
> [pid=235056|sid=r4c9]
> 2025/09/30 12:49:20 ERROR Error executing workflow activity 
> "enroll_approve_csr" on workflow id #93854207 (type "certificate_enroll"): 
> I18N_OPENXPKI_SERVER_WORKFLOW_ERROR_ON_EXECUTE; __ACTION__ => 
> global_nice_issue_certificate, __ERROR__ => Invalid format given to detect; 
> __VALIDITY__ => 5, __EXCEPTION__ => OpenXPKI::Exception [pid=235056|sid=r4c9]
> 
> 
> The format should be right (for 3 years):
> validity:
>     notafter: +03
> 
> I also tested 36 months, but this also has the same error message.
> 
> This is a test server, maybe it's because we updated from 3.30.9 to 3.32.8?

Yes, this error is a result of the update to version 3.32 which does come with 
an updated YAML parser which is more strict in following YAML formatting rules.

When updating it is strongly recommended to consider our release notes. The 
changes necessary for an update to 3.32 are documented here: 
https://openxpki.readthedocs.io/en/master/upgrading.html#release-v3-32

Cheers

Martin
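
An added example, not part of the message above and not OpenXPKI code: a small check that lists `notbefore`/`notafter` values a strict parser would silently turn into integers, which matches the `__VALIDITY__ => 3` seen in the log for `+03`. It assumes the parser resolves unquoted scalars by the YAML 1.2 core schema; the function names and the sample configuration are constructed for illustration.

```python
import re

# YAML 1.2 core schema: an unquoted scalar matching this pattern is an integer.
CORE_INT = re.compile(r"^(?:[-+]?[0-9]+|0o[0-7]+|0x[0-9a-fA-F]+)$")
# "key: value" on a single line (block style only; flow mappings are not handled).
KEY_VALUE = re.compile(r"^\s*(?P<key>[A-Za-z_][\w-]*):\s+(?P<value>.+?)\s*$")

def resolve_plain_int(value):
    """Integer a core-schema parser yields for a plain scalar, or None if it stays a string."""
    if not CORE_INT.match(value):
        return None
    if value.startswith("0o"):
        return int(value[2:], 8)
    if value.startswith("0x"):
        return int(value[2:], 16)
    return int(value, 10)

def find_lossy_validity(yaml_text, keys=("notbefore", "notafter")):
    """Return (line, key, written, parsed) for values whose text changes when parsed."""
    findings = []
    for lineno, line in enumerate(yaml_text.splitlines(), 1):
        m = KEY_VALUE.match(line)
        if not m or m.group("key") not in keys:
            continue
        value = re.sub(r"\s+#.*$", "", m.group("value"))  # drop trailing comment
        if value[:1] in "\"'":
            continue  # quoted scalars are always strings
        parsed = resolve_plain_int(value)
        # Lossy: the sign or the leading zeros are gone once the value is an integer.
        if parsed is not None and str(parsed) != value:
            findings.append((lineno, m.group("key"), value, parsed))
    return findings

# Constructed sample: three profile fragments in one stream.
SAMPLE = """\
validity:
    notafter: +03
---
validity:
    notafter: "+03"
---
validity:
    notbefore: 20250101000000
    notafter: +0006   # six months
"""

if __name__ == "__main__":
    for lineno, key, written, parsed in find_lossy_validity(SAMPLE):
        print(f"line {lineno}: {key}: {written} is read as integer {parsed}; quote it")
```

The quoted value on line 5 of the sample is not reported, because a quoted scalar stays a string under any schema.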




_______________________________________________
OpenXPKI-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openxpki-users