Other idea - put the pem-file of the ca.certificate as a tar-file on aFlopy (or your configured dataexchange media) on the CA and import the certificate as you will do after signing it by a foreign CA. I hope thi=
s
will import the certificate correctly into the database and not overwrite some informaton (dont try it with your live data !!).
this is really worth a try.
I have done the following successfully:
- connect to database - 'delete from ca_certificate' - table should now be empty - import the ca cert as Oliver mentioned above: - put the CA certificate (PEM format) in the current directory - name it 'cacert.pem' - assuming you use /dev/fd0 as exchange medium: tar cf /dev/fd0 cacert.pem - run the import step of OpenCA initialization - now the CA certificate should be successfully imported in your var/crypto/cacerts and in the database
Assuming you have a backup, this is also safe on a production system if you know what you are doing.
Hello,
thanks for the continued support and the detailed step-by-step info!
I tried to do it but the import failed as it could not find any configuration information in the tar file:
+++++++++
Cannot change directory to /usr/local/openca-0.9.2.1/OpenCA/var/tmp/tmp_14770/Configuration!
0 ++++++++
What makes me wonder is: if I put only the certificate file in the tar file, how should the server know what to do with the file?! Isn't it necessary to put it in a directory structure like
CA_CERTIFICATE/VALID/my_cacert.pem so the server would know where to place it in its database?
Another thing that occured to me is that maybe the table layout differs between the different versions.
Could anyone please send me the output of "describe ca_certificate" on the database for a 0.9.2.1 version ra server? I would like to make a comparison with the old layout from 0.9.1.8.
Best regards, Elke
------------------------------------------------------- The SF.Net email is sponsored by: Beat the post-holiday blues Get a FREE limited edition SourceForge.net t-shirt from ThinkGeek. It's fun and FREE -- well, almost....http://www.thinkgeek.com/sfshirt _______________________________________________ Openca-Users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openca-users
