I received your samples (and reproduced your CA with test keys locally
thanks to your samples provided), but even with them I cannot reproduce
on a Debian 12.12 fresh installation with XCA even with your
reproduction instructions.
(I sent you a separate email independently by the way)
Thomas
On 2025-11-10 16:51, Joshua Hudson wrote:
On that report, we may remove the "grave"; I'm not sure what went
wrong on my machine, nor any way to get at it.
My reproduction is trivial: import, sign, export, open .der file and
it's broken, and it's an all-defaults install.
I'm going to send some samples privately because I don't want google
to index them.
On Mon, Nov 10, 2025 at 12:16 PM Thomas Ward<[email protected]> wrote:
Control: tags -1 + unreproducible
I loaded up an oldstable bookworm system, and used XCA's internal templates to
create a CA certificate. From that, I was able to use Debian Bookworm's own
OpenSSL version to generate a CSR, which I imported into XCA without issue. I
was then able to use XCA to sign the CSR and generate a certificate (using SSL
server template in XCA again to make sure proper items are set on teh
certificate for extensions), and then after exporting that certificate, OpenSSL
was able to properly read the certificate without issues.
Your issue is not able to be reproduced in XCA, so we need a lot more
information about your environment, XCA settings, CA cert settings, key algos,
etc. to have a minimum reproducible example.
Thomas
