Public bug reported:
After importing my certificate from DigiCert into Kleopatra, it
initially shows "Certified"; when I click on it to see details, it shows
"invalid".
Kleopatra does not show any further details.
Kleopatra's gnupg log shows the following:
dirmngr[4564.5]: available CRL for issuer ID 1E0A9BCA80406D19F585298D61F2A132F08E0163 can't be used
dirmngr[4564.5]: command 'ISVALID' failed: Invalid CRL object
dirmngr[4564.5]: DBG: chan_5 -> ERR 167772322 Invalid CRL object <Dirmngr>
gpgsm[51171]: DBG: chan_9 <- ERR 167772322 Invalid CRL object <Dirmngr>
Unfortunately, I can't correlate that "issuer ID" to anything in the
certificate chain. Force-disabling CRLs, however, nicely remediates the
problem and avoids the erroneous "invalid" status.
Overall it's clearly too fragile to consider an end-entity certificate
"invalid" when there's an internal CRL processing bug.
** Affects: gnupg
Importance: Undecided
Status: New
** Affects: kleopatra (Ubuntu)
Importance: Undecided
Status: New
** Affects: kmail (Ubuntu)
Importance: Undecided
Status: New
** Attachment added: "Certificate listing after viewing certificate details"
https://bugs.launchpad.net/bugs/2144661/+attachment/5953430/+files/Screenshot%20From%202026-03-17%2016-23-04.png
** Also affects: gnupg
Importance: Undecided
Status: New
** Also affects: kmail (Ubuntu)
Importance: Undecided
Status: New
--
https://bugs.launchpad.net/bugs/2144661
Title:
Inconsistent certificate validity state in Kleopatra (buggy CRL
handling?)
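Added example (not part of the original report and not GnuPG code): a Python triage helper that decodes the numeric value in the Assuan ERR lines quoted in the report, using libgpg-error's source/code bit layout, and separates an actual revocation verdict from a failure of the revocation check itself. The function names and the "revoked"/"check-failed" labels are assumptions made for this example; the two sample lines are copied from the log in the report.

```python
import re
from collections import defaultdict

# libgpg-error packs an error value as: source in bits 24..30, code in bits 0..15.
SOURCE_SHIFT, SOURCE_MASK, CODE_MASK = 24, 0x7F, 0xFFFF

# Subsets of the libgpg-error source and code tables relevant to this log.
SOURCES = {3: "GPGSM", 10: "Dirmngr"}
CODES = {94: "GPG_ERR_CERT_REVOKED", 95: "GPG_ERR_NO_CRL_KNOWN",
         96: "GPG_ERR_CRL_TOO_OLD", 162: "GPG_ERR_INV_CRL_OBJ"}
REVOCATION_VERDICT = {94}  # only this code means the certificate was revoked

# Matches an Assuan "ERR <value> <text> <Source>" line in a debug log.
ERR_LINE = re.compile(
    r"^(?P<proc>\w+)\[[\d.]+\]: DBG: chan_\d+ (?:->|<-) "
    r"ERR (?P<value>\d+) (?P<text>.*?) <(?P<tag>[^>]+)>$")

def decode(value):
    """Split a numeric gpg-error value into (source, code)."""
    return (value >> SOURCE_SHIFT) & SOURCE_MASK, value & CODE_MASK

def triage(log_text):
    """Group Assuan ERR lines by value and classify each failure."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = ERR_LINE.match(line.strip())
        if m:
            seen[int(m["value"])].add(m["proc"])
    findings = []
    for value, procs in seen.items():
        source, code = decode(value)
        findings.append({
            "value": value,
            "source": SOURCES.get(source, f"source {source}"),
            "code": CODES.get(code, f"code {code}"),
            # Label (hypothetical) distinguishing a verdict from a broken check.
            "kind": "revoked" if code in REVOCATION_VERDICT else "check-failed",
            "reported_by": sorted(procs),
        })
    return findings

# The two ERR lines from the report above.
SAMPLE = """\
dirmngr[4564.5]: DBG: chan_5 -> ERR 167772322 Invalid CRL object <Dirmngr>
gpgsm[51171]: DBG: chan_9 <- ERR 167772322 Invalid CRL object <Dirmngr>
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

On the reported log this yields a single finding with source Dirmngr and kind "check-failed": gpgsm is relaying dirmngr's CRL parsing error, not a revocation.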