search

OpenCerts / opencerts-website

Apache License 2.0
21 stars 69 forks source link

Certificate is not valid, certificate has been tampered with #778

Open RP-OIS-SK opened 1 month ago

RP-OIS-SK commented 1 month ago

We have been issuing certificate for a number of years. Recently, some of certificates issued recently get "Certificate is not valid, certificate has been tampered with .." error while most of the certificate issued out have no problem. Is there any way to find what the cause of this ?

Example of certificate with error - I have removed the sensitive contents. In this case, the whole batch of certificates have this error. Is it due to merkleRoot not issue properly in Ethereum ?

"certificateStore": "cc7b4401-daa3-486c-9ee0-6420c3721bf7:string:0x18270bA6dA0380a2cbC705bc6C0AD6651282bD14",

"schema": "opencerts/v2.0",
"signature": {
    "merkleRoot": "dbc401436622594ecf53f96e8d12919bd415906ac1851a9f122b28af95e41370",
    "proof": [
        "01e1d08f4c232b2724d74bb32336c7e23c7a9f212dec5689fa1902e1649cfa00",
        "d38602bf36ba8c8ba4d57a62b899bbb8ece2e8310700284d90c94bfba4a7604a",
        "e5b97ed328dee08a1a284452195ef08f6ec408f8b626be0aeedac5d58700a555",
        "11f4fdf2e75b91bf7419d2be1702359b1d5aa2f2b5f1a546eedb4678eb330c52",
        "736af9cc7b8ea04d4b198b21dc1e06b723a7ca69797934b5f27a80aeb375a025",
        "679ebdf78607071f4a9d23628a56ec0b2b9c270b086e569a37ecee01b066b2d2",
        "af456625e14b5357825acbb652cdbf472d577910593bfa4c7fcb8414e2e08fbb",
        "22cb11ffb2c415ca321ab7a819d620218fb4a4a8c8a4326a4282cc5d55bf9e34",
        "58f84158ec196aee577e653336b2ee22f4b4f85346a346daf2a61d4ba05958f6",
        "d2f040a85763bc6b468f86156bb3fd813227bb1d669f885e0b987c4c120e12af",
        "a6d41727a3db4ce5e88ee607ceac6dc9b98161c5ad25f68ae30a264722c6a6a8",
        "1cb195309325d314fbe952e87f633d39f8619bd22f070d3d36cfe149497072f1"
    ],
    "targetHash": "a8c06c8cff4dbe7505d900ec6ff0b4a33181c5e559693ab4689bee2a54e276f4",
    "type": "SHA3MerkleProof"
HJunyuan commented 4 weeks ago

Hi @RP-OIS-SK, are you certain the "merkleRoot": "dbc401436622594ecf53f96e8d12919bd415906ac1851a9f122b28af95e41370" has already been issued on the document store? Looking at the events emitted at this document store, the last issuance was performed 58 days ago (2024-04-12).

You may also debug your issuance process using the Sepolia testnet to perform a single issuance of a certificate, followed by batch issuance of certificates so that you do not need to consume real Ethers.

RP-OIS-SK commented 4 weeks ago

The users said it was issued sometime ago, it is only recently the students complained the they can view the certificate. How to check whether markle root is issued ? Is the markle root hash equal to transaction hash ?

HJunyuan commented 4 weeks ago

You can check whether the merkleRoot was issued before by querying the isIssued function of the contract:

image Source: https://etherscan.io/address/0x18270bA6dA0380a2cbC705bc6C0AD6651282bD14#readContract

In this case, 0xdbc401436622594ecf53f96e8d12919bd415906ac1851a9f122b28af95e41370 has already been issued correctly.

Do you have access to the certificate? Can you try verifying it on opencerts.io using your own computer?

RP-OIS-SK commented 4 weeks ago

I have tested it on a notebook, the same error.

HJunyuan commented 4 weeks ago

Could you please reach out to us using this form so that you can provide the certificate in question in our following email correspondence? Thank you.