Describe the bug
When I try to sign a document after entering my password the sign procedure fail with a message `This certificate has no revocation information. Signing is not allowed.Contact your administrator.``
To reproduce
- Submit a document for signature
- I am an authenticated user on Nextcloud with my signature and certificate already setup
- Click on received mail link to be redirected to the singing interface
- Click Sign the document
- Enter password
- Click Sign the document
- The signature fails with error message
This certificate has no revocation information. Signing is not allowed. Contact your administrator.
Expected behavior
The signature should be a success
Screenshots
Environment information
OS : Rocky linux - Podman - Nexcloud AIO
Browser : Firefox
LibreSign version : Version 12.4.3
Nexcloud Server version : Nextcloud Hub 25 Autumn (32.0.8)
Additional context
I have made an upgrade from Nextcloud 31 to Nextcloud 32.
I also have made some tests trying to pinpoint the problem :
- I create a user certificate with cfssl engine selected => ERROR
This certificate has no revocation information. Signing is not allowed. Contact your administrator.
- I create a user certificate with cfssl engine selected, then I change the engine to openssl before signature, I sign the document => ERROR :
This certificate has no revocation information. Signing is not allowed. Contact your administrator.
- I create a user certificate with openssl engine selected => ERROR :
Cannot reach the certificate revocation service. Signing is not allowed.
- I create a user certificate with openssl engine selected, then I change then engine to cfssl before signature, I sign the document => SUCCESS It work ! 🤯
Also, note that in the LibreSign CRL Managment page there is a cfssl root CA that DO NOT have the same serial that my certificate located in /mnt/ncdata/appdata_xxxxxx/libresign/pki/xxxxxxxxx_3_cfssl. If I remember well during all my tests, I may regenerate a certificate, but wanted to keep the original one, so I put back the original certificate from a backup. So it may because of this, and I don't know how to import correctly my original Root CA certificat.
And about OpenSSL Root CA, I don't really remember If I regenerate one, but what I'm sure is that there is no Root CA in CRL Managment page. And the serial of my OpenSSL root CA is serial=00.
Finally, note that all my existing (before upgrade) users certificate are not display in the CRL Managment page, and if I delete a user certificate and reimport it, nothing is added in CRL Managment page.
Sorry for the mess of my tests, could be more than one problem in that issue; don't hesitate to tell me which problem need to be in a separate issue.
Also, feel free to ask me more information, I will be happy to provide it.
Thanks
Describe the bug
When I try to sign a document after entering my password the sign procedure fail with a message `This certificate has no revocation information. Signing is not allowed.Contact your administrator.``
To reproduce
This certificate has no revocation information. Signing is not allowed. Contact your administrator.Expected behavior
The signature should be a success
Screenshots
Environment information
OS : Rocky linux - Podman - Nexcloud AIO
Browser : Firefox
LibreSign version : Version 12.4.3
Nexcloud Server version : Nextcloud Hub 25 Autumn (32.0.8)
Additional context
I have made an upgrade from Nextcloud 31 to Nextcloud 32.
I also have made some tests trying to pinpoint the problem :
This certificate has no revocation information. Signing is not allowed. Contact your administrator.This certificate has no revocation information. Signing is not allowed. Contact your administrator.Cannot reach the certificate revocation service. Signing is not allowed.Also, note that in the LibreSign CRL Managment page there is a cfssl root CA that DO NOT have the same serial that my certificate located in
/mnt/ncdata/appdata_xxxxxx/libresign/pki/xxxxxxxxx_3_cfssl. If I remember well during all my tests, I may regenerate a certificate, but wanted to keep the original one, so I put back the original certificate from a backup. So it may because of this, and I don't know how to import correctly my original Root CA certificat.And about OpenSSL Root CA, I don't really remember If I regenerate one, but what I'm sure is that there is no Root CA in CRL Managment page. And the serial of my OpenSSL root CA is serial=00.
Finally, note that all my existing (before upgrade) users certificate are not display in the CRL Managment page, and if I delete a user certificate and reimport it, nothing is added in CRL Managment page.
Sorry for the mess of my tests, could be more than one problem in that issue; don't hesitate to tell me which problem need to be in a separate issue.
Also, feel free to ask me more information, I will be happy to provide it.
Thanks