Hi Oliver
Good to know. 

Topic "metadata":
I created an intermediate certificate with my offline computer with my root CA 
and imported it. OpenXPKI shows the following data:

-------------
Certificate Serial
d639df36930e93607eb2a83b378675ce 


Certificate Identifier
7LgtOek-y16Jr2rmgHHwwE0K09k

not before
2024-10-16 22:28:26 UTC
not after
2034-10-14 22:28:26 UTC

Status
Issued
-------

Then I revoked it with my root CA and tried to import the new "revoked" 
certificate, but it doesn't work. OpenXPKI says that it already exists and shows 
me the old identifier of the old "unrevoked" certificate. So I tried to delete 
it.

-------------------------

root@pki:~# openxpkiadm certificate remove --name "7LgtOek-y16Jr2rmgHHwwE0K09k" --force
Successfully deleted certificate 7LgtOek-y16Jr2rmgHHwwE0K09k (identifier: 7LgtOek-y16Jr2rmgHHwwE0K09k) from database.

root@pki:~# openxpkiadm certificate remove --name "7LgtOek-y16Jr2rmgHHwwE0K09k" --force
Certificate 7LgtOek-y16Jr2rmgHHwwE0K09k (identifier: 7LgtOek-y16Jr2rmgHHwwE0K09k) not found in database.

-------------------------------

The old certificate can't be found via cli or webui anymore. So I import the new 
revoked certificate, which also has a different serial number 
(87:aa:fe:e2:be:52:4e:ba:7d:01:ce:02:8b:01:e3:33), but it always brings the old 
one up.

--------------
openxpkiadm certificate import --file first_realm_new.crt (I checked the file 
100 times. It's the new one)
Starting import
Successfully imported certificate into database:
  Subject:    CN=MS Intermediate CA,O=MS
  Issuer:     CN=MS Root CA,O=MasterSign
  Identifier: 7LgtOek-y16Jr2rmgHHwwE0K09k
  Realm:      none


---- 


It's again the old identifier, and if I look at the webui for this identifier I 
get the old certificate with the old serial number.

I'm really really confused about this.




Oliver Welter - mail at oliwel.de <mail_at_oliwel_de_zjhngnx...@simplelogin.co> 
wrote on Saturday, 19 October 2024 at 19:00:

> Hi Marko,
>
> the certificate handling part of the openxpkiadm command is known to be
> broken, we are building a new CLI which will hopefully be available at
> least in a beta state with the next release.
>
> I don't understand what you mean with "metadata" - you cannot change a
> certificate's validity without changing the cert - what kind of cert is
> this and how is it used? There are several commands for certificate
> management using the "openxpkicli" interface via the API that might be
> helpful, or the fast way is to just use SQL...
>
> Oliver
>
> On 19.10.24 16:51, openxpki.p9abw--- via OpenXPKI-users wrote:
>
> > Heho
> > I'm pretty new to OpenXPKI and ran into a little problem.
> >
> > Ref: https://github.com/openxpki/openxpki/issues/920#issuecomment-2423776202
> >
> > If I try to remove a certificate I get the following output:
> > -----------
> > openxpkiadm certificate remove --name 7LgtOek-y16Jr3rmgHHwwE0K08k --debug 128
> > [DEBUG] New session of type 'Memory' created
> > I18N_OPENXPKI_SERVER_CONTEXT_CTX_OBJECT_NOT_DEFINED
> > OBJECT: session
> > ---------
> > With --force I can remove the certificate, but it doesn't get removed 
> > completely. So if I re-import the invoked certificate then it shows the old 
> > metadata (instead expire 2024, it shows 2034)
> >
> > I can't really understand how to fix this. Is it a possible configuration 
> > error?
> >
> > Greetings
> > Marko
> >
> > Debian Bookworm
> > Version (core): 3.30.3
> >
> > _______________________________________________
> > OpenXPKI-users mailing list
> > OpenXPKI-users@lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/openxpki-users
>
> --
> Protect your environment - close windows and adopt a penguin!

Attachment: publickey - mail@marko-eckert.net - 0xDA11BC46.asc
Description: application/pgp-keys

Attachment: signature.asc
Description: OpenPGP digital signature
