SCEP-CA erzeugt ungültige Zertifikate mit falschem Ablaufdatum bei hohem Gültigkeitszeitraum

[rrr]

Unter LCOS 10.32.0176RU9 auf einem 1906VA-4G werden bei Nutzung eines hohen Gültigkeitszeitraumes (7300 Tage), keine validen Zertifikate erstellt.
Dies funktionierte (vor mehreren Jahren) auf einem 1781VA-4G problemlos.

Nebenbei wird ebenso ein Import eines OneClick-Backups oder der 4 einzelnen Backupdateien einer SCEP-CA nur ungültig auf dem 1906VA-4G importiert. Entweder schlägt der Import gänzlich fehl, oder es werden auch hier falsche Ablaufdaten bei den Zertifikaten angezeigt.


Nachfolgend einige Traces von fehlerhaften CA/RA-Erstellungen und zuletzt eine erfolgreiche Erstellung bei kleinerem Gültigkeitszeitraum:

Fehlerhafte Zertifikate - 1. Versuch (Gültigkeitszeitraum 7300 Tage):

Code: Alles auswählen

scep_ca_pkcs12_int	SCEP-CA	Ja	09.05.2034 04:31:14	14.05.2020 04:31:14	Digital Signature, Non Repudiation, Certificate Sign, CRL Sign
scep_ra_pkcs12_int	SCEP-RA	Ja	10.07.1981 03:01:38	14.05.2020 04:31:14	Digital Signature, Non Repudiation, Key Encipherment, Data Encipherment

Code: Alles auswählen

[SCEP-CA] 2020/05/14 06:31:14,361  Devicetime: 2020/05/14 06:31:13,792
initialize: CA initialization started

[SCEP-CA] 2020/05/14 06:31:14,361  Devicetime: 2020/05/14 06:31:13,792
initialize: checking configuration

[SCEP-CA] 2020/05/14 06:31:14,361  Devicetime: 2020/05/14 06:31:13,792
checkConfig: start configuration check

[SCEP-CA] 2020/05/14 06:31:14,361  Devicetime: 2020/05/14 06:31:13,792
checkConfig: configuration is correct

[SCEP-CA] 2020/05/14 06:31:14,361  Devicetime: 2020/05/14 06:31:13,792
initialize: checking certificates

[SCEP-CA] 2020/05/14 06:31:14,361  Devicetime: 2020/05/14 06:31:13,792
checkConfig: setting status to initialization

[SCEP-CA] 2020/05/14 06:31:14,361  Devicetime: 2020/05/14 06:31:13,792
checkConfig: start certificate check

[SCEP-CA] 2020/05/14 06:31:14,361  Devicetime: 2020/05/14 06:31:13,792
checkCertificates: checking CA certificate

[SCEP-CA] 2020/05/14 06:31:14,361  Devicetime: 2020/05/14 06:31:13,792
checkCertificates: could not load CA pkcs12 from file /flash/security/scepca/scep_ca_pkcs12_int

[SCEP-CA] 2020/05/14 06:31:14,361  Devicetime: 2020/05/14 06:31:13,792
checkCertificates: could not load CA certificate from file /flash/security/scepca/scep_ca_cert

[SCEP-CA] 2020/05/14 06:31:14,518  Devicetime: 2020/05/14 06:31:13,792
checkConfig: certificates or keys missing. Creating new ones.

[SCEP-CA] 2020/05/14 06:31:14,518  Devicetime: 2020/05/14 06:31:13,792
createNewCaRaCertficate: retrieving information from configuration

[SCEP-CA] 2020/05/14 06:31:14,518  Devicetime: 2020/05/14 06:31:13,792
createNewCaRaCertficate: could not open CA key file, generating new CA key

[SCEP-CA] 2020/05/14 06:31:14,518  Devicetime: 2020/05/14 06:31:14,055
createNewCaRaCertficate: loading certificate serial number
 

[SCEP-CA] 2020/05/14 06:31:14,518  Devicetime: 2020/05/14 06:31:14,055
createNewCaRaCertficate: no previous serial number found, creating new random one
 

[SCEP-CA] 2020/05/14 06:31:14,518  Devicetime: 2020/05/14 06:31:14,055
createNewCaRaCertficate: create CA certificate

[SCEP-CA] 2020/05/14 06:31:14,518  Devicetime: 2020/05/14 06:31:14,056
createNewCertificate:INFO: add CRL distribution point http://example.org/crl/current.crl

[SCEP-CA] 2020/05/14 06:31:14,518  Devicetime: 2020/05/14 06:31:14,056
createNewCaRaCertficate: signing CA certificate

[SCEP-CA] 2020/05/14 06:31:14,518  Devicetime: 2020/05/14 06:31:14,061
createNewCaRaCertficate: saving CA certificate and key

[SCEP-CA] 2020/05/14 06:31:14,518  Devicetime: 2020/05/14 06:31:14,140
cX509::createNewCaRa: CA PKCS12 to was saved successfully to /flash/security/scepca/scep_ca_pkcs12_int_new!

[SCEP-CA] 2020/05/14 06:31:14,518  Devicetime: 2020/05/14 06:31:14,140
createNewCaRaCertficate: saving certificate serial number

[SCEP-CA] 2020/05/14 06:31:14,518  Devicetime: 2020/05/14 06:31:14,143
createNewCaRaCertficate: new certificates were successfully created
 

[SCEP-CA] 2020/05/14 06:31:14,721  Devicetime: 2020/05/14 06:31:14,220
createNewCaRaCertficate: retrieving information from configuration

[SCEP-CA] 2020/05/14 06:31:14,721  Devicetime: 2020/05/14 06:31:14,220
createNewCaRaCertficate: could not open RA key file, creating new RA key 

[SCEP-CA] 2020/05/14 06:31:14,924  Devicetime: 2020/05/14 06:31:14,351
createNewCaRaCertficate: loading certificate serial number
 

[SCEP-CA] 2020/05/14 06:31:14,924  Devicetime: 2020/05/14 06:31:14,352
createNewCaRaCertficate: create new RA certificate

[SCEP-CA] 2020/05/14 06:31:14,924  Devicetime: 2020/05/14 06:31:14,361
createNewCertificate:INFO: add CRL distribution point http://example.org/crl/current.crl

[SCEP-CA] 2020/05/14 06:31:14,924  Devicetime: 2020/05/14 06:31:14,361
createNewCaRaCertficate: signing RA certificate 

[SCEP-CA] 2020/05/14 06:31:14,924  Devicetime: 2020/05/14 06:31:14,365
createNewCaRaCertficate: saving RA certificate and key

[SCEP-CA] 2020/05/14 06:31:14,924  Devicetime: 2020/05/14 06:31:14,365
createNewCaRaCertficate: add CA certificate to RA certificate chain
cX509::createNewCaRa: RA PKCS12 to was saved successfully to /flash/security/scepca/scep_ra_pkcs12_int_new!

[SCEP-CA] 2020/05/14 06:31:14,924  Devicetime: 2020/05/14 06:31:14,448
createNewCaRaCertficate: saving certificate serial number

[SCEP-CA] 2020/05/14 06:31:14,924  Devicetime: 2020/05/14 06:31:14,452
createNewCaRaCertficate: new certificates were successfully created
 

[SCEP-CA] 2020/05/14 06:31:14,924  Devicetime: 2020/05/14 06:31:14,468
checkConfig: setting status to initialization

[SCEP-CA] 2020/05/14 06:31:14,924  Devicetime: 2020/05/14 06:31:14,468
checkConfig: start certificate check

[SCEP-CA] 2020/05/14 06:31:14,924  Devicetime: 2020/05/14 06:31:14,468
checkCertificates: checking CA certificate

[SCEP-CA] 2020/05/14 06:31:14,924  Devicetime: 2020/05/14 06:31:14,555
checkCertificates: certificates are remaining valid for 1788414208 seconds

[SCEP-CA] 2020/05/14 06:31:15,143  Devicetime: 2020/05/14 06:31:14,636
checkCertificates: getting private key from pkcs12 file

[SCEP-CA] 2020/05/14 06:31:15,143  Devicetime: 2020/05/14 06:31:14,636
checkCertificates: checking RA certificate

[SCEP-CA] 2020/05/14 06:31:15,346  Devicetime: 2020/05/14 06:31:14,796
validateCertificate:ERROR: verification failed with reason certificate has expired

[SCEP-CA] 2020/05/14 06:31:15,346  Devicetime: 2020/05/14 06:31:14,796
checkCertificates: certificate is not valid

[SCEP-CA] 2020/05/14 06:31:15,346  Devicetime: 2020/05/14 06:31:14,796
checkConfig: certificates are not valid

[SCEP-CA] 2020/05/14 06:31:15,346  Devicetime: 2020/05/14 06:31:14,798
checkConfig: setting CA status to active

[SCEP-CA] 2020/05/14 06:31:15,346  Devicetime: 2020/05/14 06:31:14,798
initialize: check was successful, setting certificate update timer

[SCEP-CA] 2020/05/14 06:31:15,346  Devicetime: 2020/05/14 06:31:14,798
initialize: this was a reinitialization, call reinitialize

[SCEP-CA] 2020/05/14 06:31:15,346  Devicetime: 2020/05/14 06:31:14,798
reinitializing

[SCEP-CA] 2020/05/14 06:31:15,596  Devicetime: 2020/05/14 06:31:14,976
reinitialize: calculating new certificate fingerprints

[SCEP-CA] 2020/05/14 06:31:15,596  Devicetime: 2020/05/14 06:31:14,976
creating new certificate revocation list

[SCEP-CA] 2020/05/14 06:31:15,596  Devicetime: 2020/05/14 06:31:14,976
CRLCb: creating CRL signed with current CA key

[SCEP-CA] 2020/05/14 06:31:15,596  Devicetime: 2020/05/14 06:31:14,986
CRLCb: starting CRL update timer

[SCEP-CA] 2020/05/14 06:31:15,596  Devicetime: 2020/05/14 06:31:14,986
initialize: CA initialization started

[SCEP-CA] 2020/05/14 06:31:15,596  Devicetime: 2020/05/14 06:31:14,986
initialize: checking configuration

[SCEP-CA] 2020/05/14 06:31:15,596  Devicetime: 2020/05/14 06:31:14,986
checkConfig: start configuration check

[SCEP-CA] 2020/05/14 06:31:15,596  Devicetime: 2020/05/14 06:31:14,986
checkConfig: configuration is correct

[SCEP-CA] 2020/05/14 06:31:15,596  Devicetime: 2020/05/14 06:31:14,986
initialize: checking certificates

[SCEP-CA] 2020/05/14 06:31:15,596  Devicetime: 2020/05/14 06:31:14,986
checkConfig: setting status to initialization

[SCEP-CA] 2020/05/14 06:31:15,596  Devicetime: 2020/05/14 06:31:14,986
checkConfig: start certificate check

[SCEP-CA] 2020/05/14 06:31:15,596  Devicetime: 2020/05/14 06:31:14,987
checkCertificates: checking CA certificate

[SCEP-CA] 2020/05/14 06:31:15,596  Devicetime: 2020/05/14 06:31:15,070
checkCertificates: certificates are remaining valid for 1148061951 seconds

[SCEP-CA] 2020/05/14 06:31:15,596  Devicetime: 2020/05/14 06:31:15,151
checkCertificates: getting private key from pkcs12 file

[SCEP-CA] 2020/05/14 06:31:15,596  Devicetime: 2020/05/14 06:31:15,151
checkCertificates: checking RA certificate

[SCEP-CA] 2020/05/14 06:31:15,799  Devicetime: 2020/05/14 06:31:15,347
validateCertificate:ERROR: verification failed with reason certificate has expired

[SCEP-CA] 2020/05/14 06:31:15,799  Devicetime: 2020/05/14 06:31:15,347
checkCertificates: certificate is not valid

[SCEP-CA] 2020/05/14 06:31:15,799  Devicetime: 2020/05/14 06:31:15,347
checkConfig: certificates are not valid

[SCEP-CA] 2020/05/14 06:31:15,799  Devicetime: 2020/05/14 06:31:15,348
initialize: check certificates failed. Retry will be started if possible.

Fehlerhafte Zertifikate - 2. Versuch (Gültigkeitszeitraum 7300 Tage):
Obwohl keinerlei Änderungen an der Konfiguration vorgenommen wurde, ist das Ablaufdatum nun Jahrzehnte vom 1 Versuch entfernt...

Code: Alles auswählen

scep_ca_pkcs12_int	SCEP-CA	Ja	09.05.2034 04:41:10	14.05.2020 04:41:10	Digital Signature, Non Repudiation, Certificate Sign, CRL Sign
scep_ra_pkcs12_int	SCEP-RA	Ja	17.07.2016 00:44:22	14.05.2020 04:41:10	Digital Signature, Non Repudiation, Key Encipherment, Data Encipherment

Code: Alles auswählen

[SCEP-CA] 2020/05/14 06:41:10,940  Devicetime: 2020/05/14 06:41:10,388
initialize: CA initialization started

[SCEP-CA] 2020/05/14 06:41:10,940  Devicetime: 2020/05/14 06:41:10,388
initialize: checking configuration

[SCEP-CA] 2020/05/14 06:41:10,940  Devicetime: 2020/05/14 06:41:10,388
checkConfig: start configuration check

[SCEP-CA] 2020/05/14 06:41:10,940  Devicetime: 2020/05/14 06:41:10,388
checkConfig: configuration is correct

[SCEP-CA] 2020/05/14 06:41:10,940  Devicetime: 2020/05/14 06:41:10,388
initialize: checking certificates

[SCEP-CA] 2020/05/14 06:41:10,940  Devicetime: 2020/05/14 06:41:10,388
checkConfig: setting status to initialization

[SCEP-CA] 2020/05/14 06:41:10,956  Devicetime: 2020/05/14 06:41:10,388
checkConfig: start certificate check

[SCEP-CA] 2020/05/14 06:41:10,956  Devicetime: 2020/05/14 06:41:10,388
checkCertificates: checking CA certificate

[SCEP-CA] 2020/05/14 06:41:10,956  Devicetime: 2020/05/14 06:41:10,389
checkCertificates: could not load CA pkcs12 from file /flash/security/scepca/scep_ca_pkcs12_int

[SCEP-CA] 2020/05/14 06:41:10,956  Devicetime: 2020/05/14 06:41:10,389
checkCertificates: could not load CA certificate from file /flash/security/scepca/scep_ca_cert

[SCEP-CA] 2020/05/14 06:41:10,956  Devicetime: 2020/05/14 06:41:10,389
checkConfig: certificates or keys missing. Creating new ones.

[SCEP-CA] 2020/05/14 06:41:10,956  Devicetime: 2020/05/14 06:41:10,389
createNewCaRaCertficate: retrieving information from configuration

[SCEP-CA] 2020/05/14 06:41:10,956  Devicetime: 2020/05/14 06:41:10,389
createNewCaRaCertficate: could not open CA key file, generating new CA key

[SCEP-CA] 2020/05/14 06:41:11,190  Devicetime: 2020/05/14 06:41:10,556
createNewCaRaCertficate: loading certificate serial number
 

[SCEP-CA] 2020/05/14 06:41:11,190  Devicetime: 2020/05/14 06:41:10,556
createNewCaRaCertficate: no previous serial number found, creating new random one
 

[SCEP-CA] 2020/05/14 06:41:11,190  Devicetime: 2020/05/14 06:41:10,556
createNewCaRaCertficate: create CA certificate

[SCEP-CA] 2020/05/14 06:41:11,190  Devicetime: 2020/05/14 06:41:10,558
createNewCertificate:INFO: add CRL distribution point http://ca.example.org/crl/current.crl

[SCEP-CA] 2020/05/14 06:41:11,190  Devicetime: 2020/05/14 06:41:10,558
createNewCaRaCertficate: signing CA certificate

[SCEP-CA] 2020/05/14 06:41:11,190  Devicetime: 2020/05/14 06:41:10,565
createNewCaRaCertficate: saving CA certificate and key

[SCEP-CA] 2020/05/14 06:41:11,190  Devicetime: 2020/05/14 06:41:10,645
cX509::createNewCaRa: CA PKCS12 to was saved successfully to /flash/security/scepca/scep_ca_pkcs12_int_new!

[SCEP-CA] 2020/05/14 06:41:11,190  Devicetime: 2020/05/14 06:41:10,645
createNewCaRaCertficate: saving certificate serial number

[SCEP-CA] 2020/05/14 06:41:11,190  Devicetime: 2020/05/14 06:41:10,648
createNewCaRaCertficate: new certificates were successfully created
 

[SCEP-CA] 2020/05/14 06:41:11,190  Devicetime: 2020/05/14 06:41:10,725
createNewCaRaCertficate: retrieving information from configuration

[SCEP-CA] 2020/05/14 06:41:11,190  Devicetime: 2020/05/14 06:41:10,725
createNewCaRaCertficate: could not open RA key file, creating new RA key 

[SCEP-CA] 2020/05/14 06:41:11,393  Devicetime: 2020/05/14 06:41:10,872
createNewCaRaCertficate: loading certificate serial number
 

[SCEP-CA] 2020/05/14 06:41:11,393  Devicetime: 2020/05/14 06:41:10,873
createNewCaRaCertficate: create new RA certificate

[SCEP-CA] 2020/05/14 06:41:11,393  Devicetime: 2020/05/14 06:41:10,873
createNewCertificate:INFO: add CRL distribution point http://ca.example.org/crl/current.crl

[SCEP-CA] 2020/05/14 06:41:11,393  Devicetime: 2020/05/14 06:41:10,873
createNewCaRaCertficate: signing RA certificate 

[SCEP-CA] 2020/05/14 06:41:11,393  Devicetime: 2020/05/14 06:41:10,877
createNewCaRaCertficate: saving RA certificate and key

[SCEP-CA] 2020/05/14 06:41:11,393  Devicetime: 2020/05/14 06:41:10,877
createNewCaRaCertficate: add CA certificate to RA certificate chain
cX509::createNewCaRa: RA PKCS12 to was saved successfully to /flash/security/scepca/scep_ra_pkcs12_int_new!

[SCEP-CA] 2020/05/14 06:41:11,393  Devicetime: 2020/05/14 06:41:10,973
createNewCaRaCertficate: saving certificate serial number

[SCEP-CA] 2020/05/14 06:41:11,393  Devicetime: 2020/05/14 06:41:10,976
createNewCaRaCertficate: new certificates were successfully created
 

[SCEP-CA] 2020/05/14 06:41:11,393  Devicetime: 2020/05/14 06:41:10,993
checkConfig: setting status to initialization

[SCEP-CA] 2020/05/14 06:41:11,393  Devicetime: 2020/05/14 06:41:10,993
checkConfig: start certificate check

[SCEP-CA] 2020/05/14 06:41:11,393  Devicetime: 2020/05/14 06:41:10,993
checkCertificates: checking CA certificate

[SCEP-CA] 2020/05/14 06:41:11,596  Devicetime: 2020/05/14 06:41:11,074
checkCertificates: certificates are remaining valid for 126879999 seconds

[SCEP-CA] 2020/05/14 06:41:11,596  Devicetime: 2020/05/14 06:41:11,150
checkCertificates: getting private key from pkcs12 file

[SCEP-CA] 2020/05/14 06:41:11,596  Devicetime: 2020/05/14 06:41:11,150
checkCertificates: checking RA certificate

[SCEP-CA] 2020/05/14 06:41:11,799  Devicetime: 2020/05/14 06:41:11,303
validateCertificate:ERROR: verification failed with reason certificate has expired

[SCEP-CA] 2020/05/14 06:41:11,799  Devicetime: 2020/05/14 06:41:11,303
checkCertificates: certificate is not valid

[SCEP-CA] 2020/05/14 06:41:11,799  Devicetime: 2020/05/14 06:41:11,303
checkConfig: certificates are not valid

[SCEP-CA] 2020/05/14 06:41:11,799  Devicetime: 2020/05/14 06:41:11,304
checkConfig: setting CA status to active

[SCEP-CA] 2020/05/14 06:41:11,799  Devicetime: 2020/05/14 06:41:11,304
initialize: check was successful, setting certificate update timer

[SCEP-CA] 2020/05/14 06:41:11,799  Devicetime: 2020/05/14 06:41:11,304
initialize: this was a reinitialization, call reinitialize

[SCEP-CA] 2020/05/14 06:41:11,799  Devicetime: 2020/05/14 06:41:11,304
reinitializing

[SCEP-CA] 2020/05/14 06:41:11,987  Devicetime: 2020/05/14 06:41:11,474
reinitialize: calculating new certificate fingerprints

[SCEP-CA] 2020/05/14 06:41:11,987  Devicetime: 2020/05/14 06:41:11,474
creating new certificate revocation list

[SCEP-CA] 2020/05/14 06:41:11,987  Devicetime: 2020/05/14 06:41:11,474
CRLCb: creating CRL signed with current CA key

[SCEP-CA] 2020/05/14 06:41:11,987  Devicetime: 2020/05/14 06:41:11,482
CRLCb: starting CRL update timer

[SCEP-CA] 2020/05/14 06:41:11,987  Devicetime: 2020/05/14 06:41:11,482
initialize: CA initialization started

[SCEP-CA] 2020/05/14 06:41:11,987  Devicetime: 2020/05/14 06:41:11,482
initialize: checking configuration

[SCEP-CA] 2020/05/14 06:41:11,987  Devicetime: 2020/05/14 06:41:11,483
checkConfig: start configuration check

[SCEP-CA] 2020/05/14 06:41:11,987  Devicetime: 2020/05/14 06:41:11,483
checkConfig: configuration is correct

[SCEP-CA] 2020/05/14 06:41:11,987  Devicetime: 2020/05/14 06:41:11,483
initialize: checking certificates

[SCEP-CA] 2020/05/14 06:41:11,987  Devicetime: 2020/05/14 06:41:11,483
checkConfig: setting status to initialization

[SCEP-CA] 2020/05/14 06:41:11,987  Devicetime: 2020/05/14 06:41:11,483
checkConfig: start certificate check

[SCEP-CA] 2020/05/14 06:41:11,987  Devicetime: 2020/05/14 06:41:11,483
checkCertificates: checking CA certificate

[SCEP-CA] 2020/05/14 06:41:11,987  Devicetime: 2020/05/14 06:41:11,564
checkCertificates: certificates are remaining valid for 250677503 seconds

[SCEP-CA] 2020/05/14 06:41:12,237  Devicetime: 2020/05/14 06:41:11,642
checkCertificates: getting private key from pkcs12 file

[SCEP-CA] 2020/05/14 06:41:12,237  Devicetime: 2020/05/14 06:41:11,642
checkCertificates: checking RA certificate

[SCEP-CA] 2020/05/14 06:41:12,237  Devicetime: 2020/05/14 06:41:11,792
validateCertificate:ERROR: verification failed with reason certificate has expired

[SCEP-CA] 2020/05/14 06:41:12,237  Devicetime: 2020/05/14 06:41:11,792
checkCertificates: certificate is not valid

[SCEP-CA] 2020/05/14 06:41:12,237  Devicetime: 2020/05/14 06:41:11,792
checkConfig: certificates are not valid

[SCEP-CA] 2020/05/14 06:41:12,237  Devicetime: 2020/05/14 06:41:11,794
initialize: check certificates failed. Retry will be started if possible.

Erfolgreicher Versuch (Gültigkeitszeitraum 3650 Tage):

Code: Alles auswählen

scep_ca_pkcs12_int	SCEP-CA	Ja	12.05.2030 04:46:32	14.05.2020 04:46:32	Digital Signature, Non Repudiation, Certificate Sign, CRL Sign
scep_ra_pkcs12_int	SCEP-RA	Ja	12.05.2030 04:46:32	14.05.2020 04:46:32	Digital Signature, Non Repudiation, Key Encipherment, Data Encipherment

Code: Alles auswählen

[SCEP-CA] 2020/05/14 06:46:32,371  Devicetime: 2020/05/14 06:46:31,880
initialize: CA initialization started

[SCEP-CA] 2020/05/14 06:46:32,376  Devicetime: 2020/05/14 06:46:31,880
initialize: checking configuration

[SCEP-CA] 2020/05/14 06:46:32,657  Devicetime: 2020/05/14 06:46:31,881
checkConfig: start configuration check

[SCEP-CA] 2020/05/14 06:46:32,662  Devicetime: 2020/05/14 06:46:31,881
checkConfig: configuration is correct

[SCEP-CA] 2020/05/14 06:46:32,666  Devicetime: 2020/05/14 06:46:31,881
initialize: checking certificates

[SCEP-CA] 2020/05/14 06:46:32,670  Devicetime: 2020/05/14 06:46:31,881
checkConfig: setting status to initialization

[SCEP-CA] 2020/05/14 06:46:32,674  Devicetime: 2020/05/14 06:46:31,881
checkConfig: start certificate check

[SCEP-CA] 2020/05/14 06:46:32,678  Devicetime: 2020/05/14 06:46:31,881
checkCertificates: checking CA certificate

[SCEP-CA] 2020/05/14 06:46:32,682  Devicetime: 2020/05/14 06:46:31,881
checkCertificates: could not load CA pkcs12 from file /flash/security/scepca/scep_ca_pkcs12_int

[SCEP-CA] 2020/05/14 06:46:32,686  Devicetime: 2020/05/14 06:46:31,881
checkCertificates: could not load CA certificate from file /flash/security/scepca/scep_ca_cert

[SCEP-CA] 2020/05/14 06:46:32,691  Devicetime: 2020/05/14 06:46:31,881
checkConfig: certificates or keys missing. Creating new ones.

[SCEP-CA] 2020/05/14 06:46:32,695  Devicetime: 2020/05/14 06:46:31,881
createNewCaRaCertficate: retrieving information from configuration

[SCEP-CA] 2020/05/14 06:46:32,698  Devicetime: 2020/05/14 06:46:31,881
createNewCaRaCertficate: could not open CA key file, generating new CA key

[SCEP-CA] 2020/05/14 06:46:32,884  Devicetime: 2020/05/14 06:46:32,294
createNewCaRaCertficate: loading certificate serial number
 

[SCEP-CA] 2020/05/14 06:46:32,887  Devicetime: 2020/05/14 06:46:32,294
createNewCaRaCertficate: no previous serial number found, creating new random one
 

[SCEP-CA] 2020/05/14 06:46:32,891  Devicetime: 2020/05/14 06:46:32,294
createNewCaRaCertficate: create CA certificate

[SCEP-CA] 2020/05/14 06:46:32,894  Devicetime: 2020/05/14 06:46:32,295
createNewCertificate:INFO: add CRL distribution point http://ca.example.org/crl/current.crl

[SCEP-CA] 2020/05/14 06:46:32,898  Devicetime: 2020/05/14 06:46:32,295
createNewCaRaCertficate: signing CA certificate

[SCEP-CA] 2020/05/14 06:46:32,901  Devicetime: 2020/05/14 06:46:32,299
createNewCaRaCertficate: saving CA certificate and key

[SCEP-CA] 2020/05/14 06:46:32,903  Devicetime: 2020/05/14 06:46:32,379
cX509::createNewCaRa: CA PKCS12 to was saved successfully to /flash/security/scepca/scep_ca_pkcs12_int_new!

[SCEP-CA] 2020/05/14 06:46:32,906  Devicetime: 2020/05/14 06:46:32,379
createNewCaRaCertficate: saving certificate serial number

[SCEP-CA] 2020/05/14 06:46:32,909  Devicetime: 2020/05/14 06:46:32,382
createNewCaRaCertficate: new certificates were successfully created
 

[SCEP-CA] 2020/05/14 06:46:33,086  Devicetime: 2020/05/14 06:46:32,474
createNewCaRaCertficate: retrieving information from configuration

[SCEP-CA] 2020/05/14 06:46:33,088  Devicetime: 2020/05/14 06:46:32,474
createNewCaRaCertficate: could not open RA key file, creating new RA key 

[SCEP-CA] 2020/05/14 06:46:33,092  Devicetime: 2020/05/14 06:46:32,659
createNewCaRaCertficate: loading certificate serial number
 

[SCEP-CA] 2020/05/14 06:46:33,094  Devicetime: 2020/05/14 06:46:32,659
createNewCaRaCertficate: create new RA certificate

[SCEP-CA] 2020/05/14 06:46:33,096  Devicetime: 2020/05/14 06:46:32,660
createNewCertificate:INFO: add CRL distribution point http://ca.example.org/crl/current.crl

[SCEP-CA] 2020/05/14 06:46:33,099  Devicetime: 2020/05/14 06:46:32,660
createNewCaRaCertficate: signing RA certificate 

[SCEP-CA] 2020/05/14 06:46:33,101  Devicetime: 2020/05/14 06:46:32,665
createNewCaRaCertficate: saving RA certificate and key

[SCEP-CA] 2020/05/14 06:46:33,284  Devicetime: 2020/05/14 06:46:32,665
createNewCaRaCertficate: add CA certificate to RA certificate chain
cX509::createNewCaRa: RA PKCS12 to was saved successfully to /flash/security/scepca/scep_ra_pkcs12_int_new!

[SCEP-CA] 2020/05/14 06:46:33,287  Devicetime: 2020/05/14 06:46:32,763
createNewCaRaCertficate: saving certificate serial number

[SCEP-CA] 2020/05/14 06:46:33,290  Devicetime: 2020/05/14 06:46:32,766
createNewCaRaCertficate: new certificates were successfully created
 

[SCEP-CA] 2020/05/14 06:46:33,294  Devicetime: 2020/05/14 06:46:32,783
checkConfig: setting status to initialization

[SCEP-CA] 2020/05/14 06:46:33,295  Devicetime: 2020/05/14 06:46:32,783
checkConfig: start certificate check

[SCEP-CA] 2020/05/14 06:46:33,296  Devicetime: 2020/05/14 06:46:32,783
checkCertificates: checking CA certificate

[SCEP-CA] 2020/05/14 06:46:33,296  Devicetime: 2020/05/14 06:46:32,858
checkCertificates: certificates are remaining valid for 315360000 seconds

[SCEP-CA] 2020/05/14 06:46:33,485  Devicetime: 2020/05/14 06:46:32,934
checkCertificates: getting private key from pkcs12 file

[SCEP-CA] 2020/05/14 06:46:33,486  Devicetime: 2020/05/14 06:46:32,934
checkCertificates: checking RA certificate

[SCEP-CA] 2020/05/14 06:46:33,486  Devicetime: 2020/05/14 06:46:33,092
checkCertificates: getting private key from pkcs12 file

[SCEP-CA] 2020/05/14 06:46:33,487  Devicetime: 2020/05/14 06:46:33,092
checkCertificates: certificates are valid

[SCEP-CA] 2020/05/14 06:46:33,489  Devicetime: 2020/05/14 06:46:33,092
checkConfig: certificates are valid

[SCEP-CA] 2020/05/14 06:46:33,489  Devicetime: 2020/05/14 06:46:33,092
checkConfig: setting CA status to active

[SCEP-CA] 2020/05/14 06:46:33,490  Devicetime: 2020/05/14 06:46:33,092
checkConfig: setting CA status to active

[SCEP-CA] 2020/05/14 06:46:33,490  Devicetime: 2020/05/14 06:46:33,092
initialize: check was successful, setting certificate update timer

[SCEP-CA] 2020/05/14 06:46:33,490  Devicetime: 2020/05/14 06:46:33,092
initialize: this was a reinitialization, call reinitialize

[SCEP-CA] 2020/05/14 06:46:33,490  Devicetime: 2020/05/14 06:46:33,092
reinitializing

[SCEP-CA] 2020/05/14 06:46:33,688  Devicetime: 2020/05/14 06:46:33,245
reinitialize: calculating new certificate fingerprints

[SCEP-CA] 2020/05/14 06:46:33,688  Devicetime: 2020/05/14 06:46:33,245
creating new certificate revocation list

[SCEP-CA] 2020/05/14 06:46:33,688  Devicetime: 2020/05/14 06:46:33,245
CRLCb: creating CRL signed with current CA key

[SCEP-CA] 2020/05/14 06:46:33,688  Devicetime: 2020/05/14 06:46:33,253
CRLCb: starting CRL update timer

[SCEP-CA] 2020/05/14 06:46:33,688  Devicetime: 2020/05/14 06:46:33,253
initialize: CA initialization started

[SCEP-CA] 2020/05/14 06:46:33,688  Devicetime: 2020/05/14 06:46:33,253
initialize: checking configuration

[SCEP-CA] 2020/05/14 06:46:33,688  Devicetime: 2020/05/14 06:46:33,253
checkConfig: start configuration check

[SCEP-CA] 2020/05/14 06:46:33,688  Devicetime: 2020/05/14 06:46:33,253
checkConfig: configuration is correct

[SCEP-CA] 2020/05/14 06:46:33,688  Devicetime: 2020/05/14 06:46:33,253
initialize: checking certificates

[SCEP-CA] 2020/05/14 06:46:33,688  Devicetime: 2020/05/14 06:46:33,253
checkConfig: setting status to initialization

[SCEP-CA] 2020/05/14 06:46:33,688  Devicetime: 2020/05/14 06:46:33,253
checkConfig: start certificate check

[SCEP-CA] 2020/05/14 06:46:33,688  Devicetime: 2020/05/14 06:46:33,253
checkCertificates: checking CA certificate

[SCEP-CA] 2020/05/14 06:46:33,889  Devicetime: 2020/05/14 06:46:33,373
checkCertificates: certificates are remaining valid for 315359999 seconds

[SCEP-CA] 2020/05/14 06:46:33,890  Devicetime: 2020/05/14 06:46:33,450
checkCertificates: getting private key from pkcs12 file

[SCEP-CA] 2020/05/14 06:46:33,890  Devicetime: 2020/05/14 06:46:33,450
checkCertificates: checking RA certificate

[SCEP-CA] 2020/05/14 06:46:34,091  Devicetime: 2020/05/14 06:46:33,611
checkCertificates: getting private key from pkcs12 file

[SCEP-CA] 2020/05/14 06:46:34,092  Devicetime: 2020/05/14 06:46:33,611
checkCertificates: certificates are valid

[SCEP-CA] 2020/05/14 06:46:34,092  Devicetime: 2020/05/14 06:46:33,611
checkConfig: certificates are valid

[SCEP-CA] 2020/05/14 06:46:34,093  Devicetime: 2020/05/14 06:46:33,611
checkConfig: setting CA status to active

[SCEP-CA] 2020/05/14 06:46:34,094  Devicetime: 2020/05/14 06:46:33,611
initialize: check was successful, setting certificate update timer

[SCEP-CA] 2020/05/14 06:46:34,094  Devicetime: 2020/05/14 06:46:33,611
initialize: this was a reinitialization, call reinitialize

[SCEP-CA] 2020/05/14 06:46:34,095  Devicetime: 2020/05/14 06:46:33,611
reinitializing

[SCEP-CA] 2020/05/14 06:46:34,293  Devicetime: 2020/05/14 06:46:33,781
reinitialize: calculating new certificate fingerprints

[SCEP-CA] 2020/05/14 06:46:34,294  Devicetime: 2020/05/14 06:46:33,781
creating new certificate revocation list

[SCEP-CA] 2020/05/14 06:46:34,294  Devicetime: 2020/05/14 06:46:33,781
CRLCb: creating CRL signed with current CA key

[SCEP-CA] 2020/05/14 06:46:34,295  Devicetime: 2020/05/14 06:46:33,789
CRLCb: starting CRL update timer

[backslash]

Hi rrr

das sieht irgendwie nach dem Jahr 2038 Probnlem aus: https://de.wikipedia.org/wiki/Jahr-2038-Problem

Gruß
Backslash

[rrr]

Hi backslash,

könnte sein... gibst Du das an die Entwicklung weiter?

[backslash]

Gi rrr

längst passiert - das ist aber ein größeres Problem (betrifft halt alle Zeiten im LANCOM), so daß es sicherlich noch etwas dauern wird, bis das gefixt ist...

Gruß
Backslash

[rrr]

längst passiert - das ist aber ein größeres Problem (betrifft halt alle Zeiten im LANCOM), so daß es sicherlich noch etwas dauern wird, bis das gefixt ist...

Hi backslash,

vielen Dank, hat erstmal keine Eile. Hab den Zeitraum halt entsprechend gekürzt...