May be missing something obvious here, but when issuing a certificate on 6.44, I can no longer import them to a device running the 6.42.12 long-term branch. I notice the changelog does show that some things have changed with certificates in 6.44, but nothing that looked like it would break backwards compatibility.
As far as I can tell, I'm not doing anything special:
Is this expected behaviour, have I messed up and should be doing something different on the 6.44 certificate issuance process, or is this a bug?
Code: Select all
# Create and export from 6.44: [admin@ca] > /certificate add common-name=$certname name=$certname key-usage=tls-client key-size=4096 days-valid=365 [admin@ca] > /certificate sign ca=$caname $certname [admin@ca] > /certificate export-certificate $certname export-passphrase=$passphrase type=pkcs12 # Import to 6.42.12 [admin@client] > /certificate import file-name=$certfile passphrase=$passphrase certificates-imported: 0 private-keys-imported: 0 files-imported: 0 decryption-failures: 1 keys-with-no-certificate: 0 # Import to 6.44 [admin@client] > /certificate import file-name=$certfile passphrase=$passphrase certificates-imported: 2 private-keys-imported: 1 files-imported: 1 decryption-failures: 0 keys-with-no-certificate: 0
Thanks in advance folks!