Hi all,

I'm using EST to enroll a new certificate. That works OK.
After the first certificate, for testing purposes, I'm trying to enroll a new 
certificate with an already used Common Name.
(the common name is filled in with a unique device id)

When using these options it works as expected, i.e. it generates a "400 Bad 
Request" mentioning that a certificate for that CN already exists:
max_active_certs:1
auto_revoke_existing_certs:0

However, when using these options:
max_active_certs:1
auto_revoke_existing_certs:1

The EST endpoint returns a 500 Unexpected Response from backend.
The new certificate is correctly issued (but not returned).
Apparently, it started to revoke the old certificate, but 'crashed':

I get an error revoking the previous certificate:
2022/03/08 15:19:47 openxpki.application.WARN I18N_OPENXPKI_UI_ERROR_VALIDATOR_INVALIDITYTIME_INVALID_IDENTIFIER [pid=106|user=Anonymous|role=System|sid=BL+J|wftype=certificate_revocation_request_v2|wfid=8703]
2022/03/08 15:19:47 OpenXPKI.Server.Workflow.ERROR Caught exception from action: I18N_OPENXPKI_UI_ERROR_VALIDATOR_INVALIDITYTIME_INVALID_IDENTIFIER; reset workflow to old state 'REVOKE_CERTS_ENROLL_GET_NEXT_CERT_TO_REVOKE_0' [pid=106|user=Anonymous|role=System|sid=BL+J|wftype=certificate_revocation_request_v2|wfid=8703]
2022/03/08 15:19:47 openxpki.workflow.DEBUG Executing database ROLLBACK (requested by workflow engine) [pid=106|user=Anonymous|role=System|sid=BL+J|wftype=certificate_revocation_request_v2|wfid=8703]

When looking in the UI, the message suggests that the certificate ID is 
incorrect, but when I look in the workflow context, the certificate IDs point 
to the correct IDs (cert_identifier to the new, revoke_cert_identifier to the 
old), and they can be clicked.
According to the logs, the problem has something to do with "INVALIDITYTIME" 
though.

Note that it is possible to 'manually' revoke the certificate using the UI.

How can I solve/debug this error?

Best regards,

Jeroen
_______________________________________________
OpenXPKI-users mailing list
OpenXPKI-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openxpki-users
