It's not a *fresh* install. It broke less than three months ago taking security updates.
On Mon, Nov 10, 2025, 2:17 PM Thomas Ward <[email protected]> wrote: > I received your samples (and reproduced your CA with test keys locally > thanks to your samples provided), but even with them I cannot reproduce on > a Debian 12.12 fresh installation with XCA even with your reproduction > instructions. > > (I sent you a separate email independently by the way) > > Thomas > > > On 2025-11-10 16:51, Joshua Hudson wrote: > > On that report, we may remove the "grave"; I'm not sure what went > wrong on my machine, nor any way to get at it. > > My reproduction is trivial: import, sign, export, open .der file and > it's broken, and it's an all-defaults install. > > I'm going to send some samples privately because I don't want google > to index them. > > On Mon, Nov 10, 2025 at 12:16 PM Thomas Ward <[email protected]> > <[email protected]> wrote: > > > Control: tags -1 + unreproducible > > I loaded up an oldstable bookworm system, and used XCA's internal templates > to create a CA certificate. From that, I was able to use Debian Bookworm's > own OpenSSL version to generate a CSR, which I imported into XCA without > issue. I was then able to use XCA to sign the CSR and generate a certificate > (using SSL server template in XCA again to make sure proper items are set on > teh certificate for extensions), and then after exporting that certificate, > OpenSSL was able to properly read the certificate without issues. > > Your issue is not able to be reproduced in XCA, so we need a lot more > information about your environment, XCA settings, CA cert settings, key > algos, etc. to have a minimum reproducible example. > > > Thomas > > > >
