Jump to:navigation, search
Wiki





























De.png
En.png
Fr.png






Status messages for certificates and their meaning
New article: 12.1
New:
  • Notes on the meaning of status messages
notempty
This article refers to a Resellerpreview
-

Frequent status messages:

Status Description Note
KEY The public and private key are present It can be encrypted and decrypted:
VALID The certificate is valid It can be encrypted and decrypted:
INIT The certificate is being initialized (ACME certificates only)
KEY The private key is not present It can only be encrypted, but not decrypted.
  • When importing e.g. a public CA, only the PublicKey is imported
  • UNABLE TO GET CERTIFICATE CRL No current CRL could be found.
  • A CRL is not relevant for operation in the web server or mail relay.
  • UNABLE TO GET LOCAL ISSUER CERTIFICATE The local issuer cannot be found.
    This occurs when the issuer certificate of an untrusted certificate cannot be found.
  • For imported CAs, there can be no local issuer
  • certificate has expired The certificate has expired. The notAfter date is before the current time.
    • For certificates used exclusively locally: Check whether the validity date can be adjusted.
    • If necessary, create a new certificate (have it created)
    • For ACME certificates: Check why the certificate could not be renewed (e.g.: hard disk in read-only mode).
    certificate is not yet valid The certificate is not yet valid: the notBefore date is after the current time.
    CRL is not yet valid CRL is not yet valid
    CRL has expired CRL has expired
    certificate revoked The certificate has been revoked. In production environments, revoked certificates should not be restored.
    In this case, creating a new certificate is usually the better solution.
    unsupported or invalid name syntax
    UNSUPPORTED_CONSTRAINT_SYNTAX
    Unsupported or invalid name constraint syntax The name constraint format is not considered: for example, an email address format of a form not mentioned in RFC3280. For example, a -.
    CRL lokal generiert The CRL was created on this device Either it is a certificate that was created locally, or no matching CRL has been imported (yet).
    CRL importiert The CRL was imported


    notempty
    Further status messages can be found in the Documentation of OpenSSL©.