Hi Jeroen,

this is a bug caused by a regression problem in an underlying library - we will ship an updated package by the end of the week at the latest.

Oli

On 08.03.22 at 15:54, Jeroen Lamain via OpenXPKI-users wrote:
> Hi all,
>
> I’m using EST to enroll a new certificate. That works OK.
>
> After the first certificate, for testing purposes, I’m trying to enroll a new certificate with an already used Common Name.
>
> (the common name is filled in with a unique device id)
>
> When using these options it works as expected, i.e. it generates a "400 Bad Request" mentioning that a certificate for that CN already exists:
>
> max_active_certs:1
> auto_revoke_existing_certs:0
>
> However, when using these options:
>
> max_active_certs:1
> auto_revoke_existing_certs:1
>
> The EST endpoint returns a 500 Unexpected Response from backend.
>
> The new certificate is correctly issued (but not returned).
>
> Apparently, it started to revoke the old certificate, but 'crashed':
>
> I get an error revoking the previous certificate:
>
> 2022/03/08 15:19:47 openxpki.application.WARN I18N_OPENXPKI_UI_ERROR_VALIDATOR_INVALIDITYTIME_INVALID_IDENTIFIER [pid=106|user=Anonymous|role=System|sid=BL+J|wftype=certificate_revocation_request_v2|wfid=8703]
>
> 2022/03/08 15:19:47 OpenXPKI.Server.Workflow.ERROR Caught exception from action: I18N_OPENXPKI_UI_ERROR_VALIDATOR_INVALIDITYTIME_INVALID_IDENTIFIER; reset workflow to old state 'REVOKE_CERTS_ENROLL_GET_NEXT_CERT_TO_REVOKE_0' [pid=106|user=Anonymous|role=System|sid=BL+J|wftype=certificate_revocation_request_v2|wfid=8703]
>
> 2022/03/08 15:19:47 openxpki.workflow.DEBUG Executing database ROLLBACK (requested by workflow engine) [pid=106|user=Anonymous|role=System|sid=BL+J|wftype=certificate_revocation_request_v2|wfid=8703]
>
> When looking in the UI, the message suggests that the certificate ID is incorrect, but when I look in the workflow context, the certificate ids point to the correct ids (cert_identifier to the new, revoke_cert_identifier to the old), and they can be clicked.
>
> According to the logs, the problem has something to do with "INVALIDITYTIME" though.
>
> Note that it is possible to 'manually' revoke the certificate using the UI.
>
> How can I solve/debug this error?
>
> Best regards,
>
> Jeroen
>
> _______________________________________________
> OpenXPKI-users mailing list
> OpenXPKI-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/openxpki-users

--
Protect your environment - close windows and adopt a penguin!
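
A log-triage sketch for the failure discussed in this thread, added here as an example and not part of the original messages or of OpenXPKI: it lists revocation workflows that threw an exception and were rolled back, so the superseded certificates can be revoked manually in the UI. It assumes one log record per line in the layout of the quoted excerpt; `failed_revocations` and the sample data are hypothetical names.

```python
import re

# Constructed sample: the three log lines quoted in the thread (unwrapped),
# plus one constructed line from another workflow that must be ignored.
CTX = "[pid=106|user=Anonymous|role=System|sid=BL+J|wftype=certificate_revocation_request_v2|wfid=8703]"
ERR = "I18N_OPENXPKI_UI_ERROR_VALIDATOR_INVALIDITYTIME_INVALID_IDENTIFIER"
SAMPLE_LOG = "\n".join([
    f"2022/03/08 15:19:47 openxpki.application.WARN {ERR} {CTX}",
    f"2022/03/08 15:19:47 OpenXPKI.Server.Workflow.ERROR Caught exception from action: {ERR}; "
    f"reset workflow to old state 'REVOKE_CERTS_ENROLL_GET_NEXT_CERT_TO_REVOKE_0' {CTX}",
    f"2022/03/08 15:19:47 openxpki.workflow.DEBUG Executing database ROLLBACK (requested by workflow engine) {CTX}",
    "2022/03/08 15:20:01 openxpki.application.INFO constructed line [pid=107|wftype=constructed_other|wfid=9999]",
])

# Assumed record layout: "<date> <time> <logger>.<LEVEL> <message> [k=v|k=v|...]"
LINE = re.compile(r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) "
                  r"(?P<logger>\S+)\.(?P<level>[A-Z]+) (?P<msg>.*) \[(?P<ctx>[^\]]*)\]$")
I18N = re.compile(r"I18N_OPENXPKI_\w+")
STATE = re.compile(r"reset workflow to old state '([^']+)'")
REVOCATION_WFTYPE = "certificate_revocation_request_v2"  # wftype shown in the thread


def failed_revocations(log_text):
    """Return {wfid: details} for revocation workflows that raised an exception."""
    hits = {}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # wrapped or foreign lines are skipped, not guessed at
        ctx = dict(kv.split("=", 1) for kv in m["ctx"].split("|") if "=" in kv)
        wfid = ctx.get("wfid")
        if ctx.get("wftype") != REVOCATION_WFTYPE or wfid is None:
            continue
        msg = m["msg"]
        if m["level"] == "ERROR" and msg.startswith("Caught exception from action:"):
            wf = hits.setdefault(wfid, {"first_seen": m["ts"], "errors": set(),
                                        "state": None, "rolled_back": False})
            wf["errors"].update(I18N.findall(msg))
            st = STATE.search(msg)
            wf["state"] = st.group(1) if st else wf["state"]
        elif "Executing database ROLLBACK" in msg and wfid in hits:
            hits[wfid]["rolled_back"] = True  # the revocation did not complete
    return hits


if __name__ == "__main__":
    for wfid, info in failed_revocations(SAMPLE_LOG).items():
        print(wfid, info["first_seen"], sorted(info["errors"]), info["state"], info["rolled_back"])
```

Each reported workflow id corresponds to an enrollment where the new certificate was issued while the previous one for the same CN stayed valid.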