On Thu, Mar 07, 2002 at 11:32:37AM +0100, Michael Bell wrote:
> Lutz Jaenicke wrote:
> > * unfortunately it seems that the database structure changed between
> >   0.8.1 and 0.9, but I did not find any "migration" documentation.
> >   Of course I need to keep the already established CA and other
> >   certificates.
>
> OpenCA v0.9 can import backups but they must have a special format. The
> structure you can find in src/cgi-bin/cgi-ca/lib/export-import.lib. It
> should look like:
>
> CERTIFICATE/
>     VALID/
>     EXPIRED/
>     REVOKED/
>     SUSPENDED/
>
> other objects in perl from sourcecode:
>     REQUEST        => [ "PENDING", "APPROVED", "ARCHIVIED", "DELETED", "RENEW" ],
>     CA_CERTIFICATE => [ "VALID", "EXPIRED" ],
>     CRL            => [ "VALID" ],
>     CRR            => [ "PENDING", "APPROVED", "ARCHIVIED", "DELETED" ],
>     LOG            => [ "ALL" ],
>
> The filenames have the format SERIAL.FORMAT
>
> The code for the generation of the name and the data is:
>
>     ## get content and format for file
>     if( $datatype [0] =~ /(REQUEST|CRR)/i ) {
>         $txtItem = $value->getParsed()->{ITEM};
>         $format  = $value->getParsed()->{TYPE};
>     } else {
>         if ( $datatype [0] =~ /CERTIFICATE/i) {
>             $txtItem = $value->getPEMHeader ()."\n";
>         } else {
>             $txtItem = "-----BEGIN HEADER-----\n".$value->getHeader ()."-----END HEADER-----\n";
>         }
>         $txtItem .= $value->getPEM();
>         $txtItem .= $value->getParsed()->{KEY};
>         $format = "PEM";
>     }
>     $format =~ s/\s/_/g;
>
>     # serial
>     my $serial;
>     if ($datatype [0] =~ /^CERTIFICATE/) {
>         $serial = $value->getParsed()->{SERIAL};
>     } elsif ($datatype [0] =~ /(REQUEST|CRR)/) {
>         $serial = $value->getParsed()->{DBKEY};
>     } else { # CRL,CA_CERTIFICATE
>         $serial = $cryptoShell->getDigest ( DATA => $value->getPEM());
>     }
>
> txtItem is the data which should be stored in the file. I would only
> recommend this if you are an expert or you have enough time.
>
> Cheers, Michael
>
> P.S. if you only need the valid certificates put them into
> CERTIFICATE/VALID/12345.pem. The format is:
>
> -----BEGIN HEADER-----
> data from the column info
> -----END HEADER-----
> data from the column data
>
> Now you can import the data via "Input and Output" --> recovery with
> import database - don't use replay log (importDB works for SQL-DBs too).

Thanks for your detailed explanation. That was more or less what I was
looking for.

I first broke my fingers when trying to install OpenCA 0.9 because the
"configure" options changed but giving the old options did not cause any
error messages, it was simply ignored...

Now I have yesterday's snapshot running and am working on importing back
the data.

* The CA-certificate is back. For reasons I don't know (yet), it is
  displayed with a serial number of "dc05d9...."
* The issued certificates are back as well (serial numbers are correct).
* One revoked certificate is also back.

Now I am trying to sort out how to transfer the other items. For some
reason whatsoever, my old OpenCA installation does not work any longer:
all databases are listed as being "empty". Probably some part was
overwritten while I was still struggling with the installation paths :-(

Fortunately, it was not too difficult to extend openca-dblist to also
print out the contents of the databases, which fortunately is cleartext.

At least with the new backup-routines and the structure known, one can
easily set up things and test and check things out. The backup
(import/export) with the documentation you sent is already worth half of
the trouble to move up to the new "unstable" 0.9.

So much for now :-) More tests to come once I have moved everything to
0.9...

    Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
http://www.aet.TU-Cottbus.DE/personen/jaenicke/
BTU Cottbus, Allgemeine Elektrotechnik
Universitaetsplatz 3-4, D-03044 Cottbus
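
The import layout described in the quoted message, as an added example that is not part of the original thread or of OpenCA's code: it writes a certificate in the P.S. file format and checks a tree against the TYPE/STATUS/ structure before it is handed to the import. The names `write_cert` and `check_tree` are hypothetical, the lowercase `.pem` extension follows the P.S. path, and the header text is assumed to be the `info` column content supplied by the caller.

```python
import os, re

# Object types and status directories as listed in the quoted message;
# the CERTIFICATE statuses are the directory names it shows.
LAYOUT = {
    "CERTIFICATE": ["VALID", "EXPIRED", "REVOKED", "SUSPENDED"],
    "REQUEST": ["PENDING", "APPROVED", "ARCHIVIED", "DELETED", "RENEW"],
    "CA_CERTIFICATE": ["VALID", "EXPIRED"],
    "CRL": ["VALID"],
    "CRR": ["PENDING", "APPROVED", "ARCHIVIED", "DELETED"],
    "LOG": ["ALL"],
}
HEADER_RE = re.compile(r"\A-----BEGIN HEADER-----\n.*?-----END HEADER-----\n", re.S)

def write_cert(root, status, serial, info, data):
    """Write one certificate as CERTIFICATE/<status>/<serial>.pem."""
    if status not in LAYOUT["CERTIFICATE"]:
        raise ValueError("unknown certificate status: " + status)
    if not re.fullmatch(r"[0-9A-Za-z]+", str(serial)):
        raise ValueError("serial must be alphanumeric (no path characters)")
    d = os.path.join(root, "CERTIFICATE", status)
    os.makedirs(d, exist_ok=True)
    path = os.path.join(d, f"{serial}.pem")
    with open(path, "w") as fh:
        fh.write("-----BEGIN HEADER-----\n" + info.rstrip("\n")
                 + "\n-----END HEADER-----\n" + data)
    return path

def check_tree(root):
    """Return a list of problems found in an import tree (empty list = OK)."""
    problems = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            parts = os.path.relpath(full, root).split(os.sep)
            if len(parts) != 3 or parts[1] not in LAYOUT.get(parts[0], []):
                problems.append(f"{full}: not under TYPE/STATUS/")
                continue
            if "." not in name:
                problems.append(f"{full}: name is not SERIAL.FORMAT")
            with open(full, errors="replace") as fh:
                body = fh.read()
            if parts[0] == "CERTIFICATE" and not HEADER_RE.match(body):
                problems.append(f"{full}: missing HEADER block")
    return problems
```

Running `check_tree` on the export directory before using "import database" catches files that ended up under an unknown status directory or lost their header block.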