Closed gezhouyu closed 3 years ago
Hi @gezhouyu, very sorry that I missed your question so far. The error message apparently means that the certificate that you want to revoke does not have an Authority Key Identifier X.509 extension but the server requires it.
Hi Sir, I want to revoke a certificate using the RR message. The commands are as follows: _
_
But the following error message is displayed:
_[root@dggphicprd08002 11111]# openssl cmp -cmd rr -server 10.10.10.10:8888 -path cmp/SubCA -srvcert 111.pem -cert Requestor_cert.pem -key Requestor_key.pem -ignore_keyusage -oldcert TestCert1.cer -revreason 0 CMP INFO: using OpenSSL configuration file '/opt/openssl/../openssl-1.1.0j/openssl.cnf' CMP INFO: no [cmp] section found in config file '/opt/openssl/../openssl-1.1.0j/openssl.cnf'; will thus use just [default] and unnamed section if present Enter pass phrase for Requestor_key.pem: CMP INFO: sending rr CMP INFO: got response 140421837416256:error:390C70A9:CMP routines:send_receive_check:received error:crypto/cmp/cmpses.c:221:PKIStatus: rejection; PKIFailureInfo: badCertTemplate; StatusString: "issuer's AKI not present"
Can you give me some guidance on how I'm going to handle this error? Thanks.
Best wishes, Iya