On this page

Symptoms

Certificate/key pairs cannot be imported in the server any more, and the certificate check output looks like this:

Cause

An OpenSSL function used to check for certificate validity erroneously requires IPv6 to be enabled on the loopback interface. Check whether IPv6 is enabled by running the ip addr ls command; if IPv6 is enabled, the output will look like this:

On the other hand, if IPv6 is disabled, the output of ip addr ls will look like this:

In this case, certificate validation will always fail, and you will need to apply the workaround.

Workaround

Re-enable IPv6 on the server and reboot it.

Resolution

None yet.

Labels
  • None