Describe the bug
Trying to revoke certain certificates or run tidy on PKI ends with an error and the process is interrupted:
unable to parse stored certificate with serial \"06-e0-83-88-22-be-91-7f-8d-07-2e-21-35-01-f1-66-95-a0-de-35\": x509: certificate contains duplicate extensions
I think it was fixed with #16700, but that only fixes, as far as I understand, creation of certificates, and has nothing to do with existing certificates.
All certificates in this PKI were created the same way, using either /v1/pki/sign-verbatim on a CSR or using /v1/pki/issue/client_cert.role.
To Reproduce
Steps to reproduce the behavior - not sure now?
Those certificates were created on Vault version 1.12.2 or earlier; we are now on 1.15.6.
Expected behavior
Tidy process completes, simply deleting incorrect certificates (especially since those are already expired). Revoking such a certificate might be problematic, but instead I would like to simply be able to delete the offending entities.
Environment:
Vault Server Version (retrieve with vault status): 1.15.6
Vault CLI Version (retrieve with vault version): Vault v1.15.6 (615cf6f), built 2024-02-28T17:07:34Z
Server Operating System/Architecture: Ubuntu 22.04, x86_64
Vault server configuration file(s):
# Paste your Vault config here.
# Be sure to scrub any sensitive values
Is there any way to delete those certificates? The tidy process for us errors on checking entry 67 of 43259. I think I could iterate over all certificates manually, check using openssl if they have duplicated extensions and delete them, but I cannot find a way to delete a certificate.
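The manual check described in the report (walking stored certificates and flagging those with repeated extensions) cannot rely on Go's `crypto/x509` parser, because that parser is what raises the error. The following is an added example, not code from this issue or from Vault: it decodes only the ASN.1 structure with `encoding/asn1` and reports repeated extension OIDs. The names `tbsCert`, `certShell`, `DuplicateExtensions` and `SampleCert` are invented here, and the sample certificate is a constructed, unsigned placeholder.

```go
package main

import (
	"crypto/x509/pkix"
	"encoding/asn1"
	"fmt"
)

// tbsCert and certShell (names invented for this example) mirror the RFC 5280
// Certificate layout; fields that are not inspected are kept as raw ASN.1.
type tbsCert struct {
	Version                                              int `asn1:"optional,explicit,default:0,tag:0"`
	Serial, SigAlg, Issuer, Validity, Subject, PublicKey asn1.RawValue
	IssuerUID                                            asn1.BitString   `asn1:"optional,tag:1"`
	SubjectUID                                           asn1.BitString   `asn1:"optional,tag:2"`
	Extensions                                           []pkix.Extension `asn1:"omitempty,optional,explicit,tag:3"`
}
type certShell struct {
	TBS    tbsCert
	SigAlg asn1.RawValue
	Sig    asn1.BitString
}

// DuplicateExtensions returns each extension OID that occurs more than once in a
// DER-encoded certificate, without applying crypto/x509's validity checks.
func DuplicateExtensions(der []byte) ([]string, error) {
	var c certShell
	if _, err := asn1.Unmarshal(der, &c); err != nil {
		return nil, fmt.Errorf("unexpected certificate structure: %w", err)
	}
	seen, dups := map[string]int{}, []string{}
	for _, e := range c.TBS.Extensions {
		if seen[e.Id.String()]++; seen[e.Id.String()] == 2 {
			dups = append(dups, e.Id.String())
		}
	}
	return dups, nil
}

// SampleCert builds a constructed, unsigned certificate-shaped DER blob carrying
// one extension per OID given (placeholder values, for demonstration only).
func SampleCert(oids ...asn1.ObjectIdentifier) ([]byte, error) {
	empty := asn1.RawValue{FullBytes: []byte{0x30, 0x00}} // empty SEQUENCE placeholder
	tbs := tbsCert{Version: 2, Serial: asn1.RawValue{FullBytes: []byte{0x02, 0x01, 0x01}}, SigAlg: empty, Issuer: empty, Validity: empty, Subject: empty, PublicKey: empty}
	for _, oid := range oids {
		tbs.Extensions = append(tbs.Extensions, pkix.Extension{Id: oid, Value: []byte{0x05, 0x00}})
	}
	return asn1.Marshal(certShell{tbs, empty, asn1.BitString{Bytes: []byte{0}, BitLength: 8}})
}
func main() {
	der, _ := SampleCert(asn1.ObjectIdentifier{2, 5, 29, 17}, asn1.ObjectIdentifier{2, 5, 29, 17})
	fmt.Println(DuplicateExtensions(der))
}
```

`DuplicateExtensions` expects DER bytes, so a PEM-encoded certificate has to be decoded (for example with `encoding/pem`) before it is passed in.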