Message: 4
Date: Thu, 13 Jan 2005 16:52:11 +0100 (CET)
Subject: Re: [Openca-Users] transfer certificates database from 0.9.1.8 to 0.9.2.1
From: "Martin Bartosch" <[EMAIL PROTECTED]>
To: [email protected]
Reply-To: [email protected]
Hi,
we have some problems to get the contents of our current ca into the ne=
w
version 0.9.2.1, especially into the ra/pub server.
Our current ca and combined ra+pub servers use openca 0.9.1.8 on RedHat
[...]
How can we transfer the existing data from our old server to the new on=
e?
Are there changes to the backup file structure or something that preven=
t
the restore from working?! Do we have to make some manual adjustments to the backup file? Or do we have to install the old version, transfer the data and finally do a version update over the installed software?
I am not familiar with the versions before 0.9.2, but you could try the following:
On the old 0.9.1 system - archive the old openca/var/crypto directory - manually export the database (e. g. create a SQL dump)
On the 0.9.2.1 system - extract the var/crypto directory - manually import the database contents
Only the gurus here know if this will work (don't know if the SQL schema has changed), but it is worth a try if the new machine is still pristine and there is nothing to lose...
Good luck,
Martin
Thanks very much for the tip, I tried and it worked...almost...
the certificates look good, but the ca certificate is shown with a wrong serial key, and when I click on it to display the contents I get an error that the ca certificate was not found in the database.
The ca certificate serial key in the DB is ok, but somehow the openca commands are not able to correctly extract it.
I did some simple perl debugging by adding some "Dumper" lines to the commands used to display the ca certificate and found that the table content is correctly read from the db. But when the "getSerial" part is reached where the key should be extracted from the entry, there is an "undef" value reported. My guess would be that because of this "undef" value some garbage is displayed in the serial key field...But as I have no deeper knowledge in perl I am not able to further go into it.
My next attempt was to install the old version for an update, but here I fail at the very beginning with the error "cannot initialize crypto shell (/usr/bin/openssl)".
I found a lot of information on this one, but no solution at all.
The openssl path is correct in the etc/servers/*conf files, openssl is installed in the system's default /usr/bin directory and it is version 0.9.7d.
I even tried to copy the whole openca dir with software, certs and everything from our old redhat system to the new suse machine, but even then I get the same crypto shell error as above...
Any other suggestions anyone?!
Thanks again & regards, Elke
------------------------------------------------------- The SF.Net email is sponsored by: Beat the post-holiday blues Get a FREE limited edition SourceForge.net t-shirt from ThinkGeek. It's fun and FREE -- well, almost....http://www.thinkgeek.com/sfshirt _______________________________________________ Openca-Users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openca-users
