Hi Dominik,thats what I assumed - blue is the color of the new timeout or unknown state, it falls back to "fail" if no label is set, to adjust your workflow config, see this commit
https://github.com/openxpki/openxpki/commit/b567653e9a55a4ce01bbc7c1dbd4145aaebc5c79
You did not answer my question - in what state is your workflow? Do you have this DNS "problem" only on the UI or do you also get a policy violation due to failed DNS check on the workflow level?
Additional question: Is the domain name in question a "hostname only" or is it a real FQDN? The old code used the domain search list which we removed avoid ambiguties when isolated hostnames are used (which is in general a bad idea in certificates)
Oliver Am 23.05.2017 um 20:21 schrieb Dominik Lindlbauer:
Hi Oliver, thanks for the fast reply. I already checked DNS resolving with dig and nslookup. Both, dig and nslookup do not even take a second, the answer comes without failure and without delay. A little strange behavior is, that the error-message "Subject Alternative Name: DNS: sample.fqdn (FAIL)" is in light blue, not in red. Could it be that this error is more a "cosmetic" failure in the web ui? Best regards, Dominik On 05/23/17 19:58, Oliver Welter wrote:Hi Dominik, thats bad news - we always try to not break existing installs with the updates :( Does your request really fail or is it just in the "Policy Violation Pending" state? This just means that the DNS lookup for the given domain failed. Indeed we changed this module to better handle timeouts when the DNS response is too slow. First, to diagnose the problem, try to make a dns lookup on the domain in question using dig/nslookup on the shell. If this takes longer that a second, you got the problem. It would be easiest to fix/speed up the resolver of the underlying OS, yoz can also set timeout and resolvers in the workflow config files (Have a Look at the checkdns activity). Oliver Am 23.05.2017 um 18:57 schrieb Dominik Lindlbauer:Hi everybody, after upgrading openxpki from version 1.16.8 to 1.17.4 with aptitude on a debian 8 machine i got the following output when i want to issue a new certificate: Subject Alternative Name: DNS: sample.fqdn (FAIL) before the upgrade i can issue the certificate perfect without errors: Subject Alternative Name: DNS: sample.fqdn (OK). Has anybody the same problem (and maybe even solved the issue)? Thanks for your help, Dominik ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ OpenXPKI-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openxpki-users------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ OpenXPKI-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openxpki-users------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ OpenXPKI-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openxpki-users
-- Protect your environment - close windows and adopt a penguin!
smime.p7s
Description: S/MIME Cryptographic Signature
------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________ OpenXPKI-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openxpki-users
