Status messages for certificates and their meaning
New article: 12.1
New:
- Notes on the meaning of status messages
notempty
This article refers to a Resellerpreview
- Frequent status messages:
Status | Description | Note |
---|---|---|
KEY | The public and private key are present | It can be encrypted and decrypted: |
VALID | The certificate is valid | It can be encrypted and decrypted: |
INIT | The certificate is being initialized (ACME certificates only) | |
KEY | The private key is not present | It can only be encrypted, but not decrypted. |
UNABLE TO GET CERTIFICATE CRL | No current CRL could be found. | |
UNABLE TO GET LOCAL ISSUER CERTIFICATE | The local issuer cannot be found. This occurs when the issuer certificate of an untrusted certificate cannot be found. |
|
certificate has expired | The certificate has expired. The notAfter date is before the current time. |
|
certificate is not yet valid | The certificate is not yet valid: the notBefore date is after the current time. | |
CRL is not yet valid | CRL is not yet valid | |
CRL has expired | CRL has expired | |
certificate revoked | The certificate has been revoked. | In production environments, revoked certificates should not be restored. In this case, creating a new certificate is usually the better solution. |
unsupported or invalid name syntax UNSUPPORTED_CONSTRAINT_SYNTAX |
Unsupported or invalid name constraint syntax | The name constraint format is not considered: for example, an email address format of a form not mentioned in RFC3280. For example, a -. |
CRL lokal generiert | The CRL was created on this device | Either it is a certificate that was created locally, or no matching CRL has been imported (yet). |
CRL importiert | The CRL was imported |
Further status messages can be found in the Documentation of OpenSSL©.