Status messages for certificates and their meaning
New article with version: 12.1
New:
- Notes on the meaning of status messages
This article refers to a Beta version
-
Frequent status messages:
| Status | Description | Note |
|---|---|---|
| KEY | The public and private key are present | It can be encrypted and decrypted: |
| VALID | The certificate is valid | It can be encrypted and decrypted: |
| INIT | The certificate is being initialized (ACME certificates only) | |
| KEY | The private key is not present | It can only be encrypted, but not decrypted. |
| UNABLE TO GET CERTIFICATE CRL | No current CRL could be found. | |
| UNABLE TO GET LOCAL ISSUER CERTIFICATE | The local issuer cannot be found. This occurs when the issuer certificate of an untrusted certificate cannot be found. |
|
| certificate has expired | The certificate has expired. The notAfter date is before the current time. |
|
| certificate is not yet valid | The certificate is not yet valid: the notBefore date is after the current time. | |
| CRL is not yet valid | CRL is not yet valid | |
| CRL has expired | CRL has expired | |
| certificate revoked | The certificate has been revoked. | In production environments, revoked certificates should not be restored. In this case, creating a new certificate is usually the better solution. |
| unsupported or invalid name syntax UNSUPPORTED_CONSTRAINT_SYNTAX |
Unsupported or invalid name constraint syntax | The name constraint format is not considered: for example, an email address format of a form not mentioned in RFC3280. For example, a -. |
| CRL lokal generiert | The CRL was created on this device | Either it is a certificate that was created locally, or no matching CRL has been imported (yet). |
| CRL importiert | The CRL was imported |
Further status messages can be found in the Documentation of OpenSSL©.