Michael, > > Perhaps this will be much faster if you use a cryptoaccelerator. We do a > lot of crypto operations during the issuing of certificates.
This is something we can look into. but the log file > > had not been updated, and no certs had been archived. I manually tar'ed > > the "enroll" directory. > > Which log file should be updated during export? If you import objects > then you write a log file for the imported objects (to send it back to > the exporting interface if you export something) and you import the log > files from the exporting interface (to know which objects are already > known on the other interface). export-import.lib doesn't generate log > files during an export. It only exports some already existing log files. I am talking about the 3_VALID_CERTIFICATE.log file, it must be updated somewhere about this process. > Now the exported objects are known on the CA node and will not be > exported again but the performance is still poor. Yes, it knows because of the above log file (?). > Good observation. I checked the code again and I think the major problem > is not the parsing because this is trivial. I open, read and close the > logfile for every object seperately (10.000 times)! The function is > eximMustBeExported. Does it be ok to implement a global variable > %exim_file_cache to cache all the logfiles? I attached a first version > of a fixed export-import.lib to reduce the IO load (if you run top then > "system" should be reduced). Cool, I have tried this one, it seems to work, but I stopped it at 1.5 hours !!! Also the CPU load for the process was running at 95%. > It is not rare if you have to support all students with certificates if > the semester (term-time?) starts but I think hardwareaccelerators can be > really useful here. Yep, this is exactly what I was thinking. > I hope you can test the export-import.lib again because it looks like > the biggest problem today. > I think it would be worth a chat in the developers list, I think it is failing on my system after it has completed the generation of the PEM files. Chris... ------------------------------------------------------- This SF.net email is sponsored by: VM Ware With VMware you can run multiple operating systems on a single machine. WITHOUT REBOOTING! Mix Linux / Windows / Novell virtual machines at the same time. Free trial click here: http://www.vmware.com/wl/offer/345/0 _______________________________________________ Openca-Users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/openca-users
