Hi Michael, I would just like to ask you that whatever strategy you guys come up with should allow me to import the certificates from the previous releases of openCA (like it does now).
My proposal would be the following: Control the export of PKI objects by having 2 functions: 1) "Export new", where you would export all the new objects (cert, requests...). You can use the flag in the database to indicate what objects have already been exported. 2) "Export range" where you would export objects in specified range (either by date or serial number). This should not be too complicated to do (at least GUI wise). Two textboxes where user can specify range of objects to export should do it. Whatever you do, try to avoid storing the information about exports outside of the database itself. Then on import you have two choices in terms of design: 1) Reject duplicates 2) Allow duplicates that would result in updates rather then inserts. -----Original Message----- From: Michael Bell [mailto:[EMAIL PROTECTED]] Sent: Monday, October 07, 2002 4:35 AM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: [OpenCA-Devel] Re: [Openca-Users] Mail and import export counters Hi Dejan, the problem with the mailcounter is fixed now. The problem was a wrong tar-filter in export-import-lib at exportMails. There is a line "tar -c *" but "tar -c *.msg" is correct. The fix is available via CVS (but you can do it by hand too). The second problem is a general problem because we have actually no mechanism to track exports. The problem is that the CA must now during export which objects are already at the RA and the RA must now during the export which objects are already at the CA. The other problem is that we have actually an unclean export-strategy. We export pending requests too. So there is some work necessary to cleanup this area: 1. CA --> RA VALID_CERT VALID_CA_CERT REVOKED_CERT ARCHIVED_REQUEST DELETED_REQUEST ARCHIVED_CRR CRL 2. RA --> CA SUSPENDED_CERT APPROVED_REQUEST DELETED_REQUEST APPROVED_CRR DELETED_CRR The next step is to design a mechanism to track exports. Any ideas? Michael P.S. Perhaps this is a topic for openca-devel. -- ------------------------------------------------------------------- Michael Bell Email (private): [EMAIL PROTECTED] Rechenzentrum - Datacenter Email: [EMAIL PROTECTED] Humboldt-University of Berlin Tel.: +49 (0)30-2093 2482 Unter den Linden 6 Fax: +49 (0)30-2093 2959 10099 Berlin Germany http://www.openca.org ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ OpenCA-Devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/openca-devel ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ OpenCA-Devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/openca-devel
