Re: [Openca-Users] Bug in RA when trying to consult or approve a CSR

M.-A. DARCHE Mon, 21 Mar 2005 03:28:36 -0800


[Sorry this is a very long email]

M.-A. DARCHE a �crit :


So I should build and use SQL database on both CA and RA servers.


I have rebuild the CA and RA with SQL support, I'm using PostgreSQL,
and I still get the same error. The move from LDBM to SQL has not solve
the problem.

From "openca/var/log/stderr.log":

OpenCA: General error trapped 700: The compilation of the command
cmdViewCSR failed. Can't use an undefined value as a HASH reference at
/usr/local/pki-ra/openca/lib/functions/crypto-utils.lib line 1149.<br>
Compilation failed in require at openca/etc/openca_start line 62.


And openca/etc/openca_start line 62 reads the following statement:

  require "$common_libs/initServer";


From those elements I guess that the problem is that the RA was somehow
not well initialized and that it maybe lacks an HASH that should have
been generated but hasn't been. Am I right? What should be done to
righlty initialize de RA?

For the initialization of the RA I went to the RA node and did:
"Administration" -> "Server Init" -> "Initialize Database" ->
"Initialize Database".
"Administration" -> "Server Init" -> "Initialize Database" ->
"Import Configuration".

Everything seemed to went fine, and the CA certificate now appears
in the var/crypto directory of the RA. Here is the related listing:

openca/var/crypto/cacerts:
total 0
drwxr-s---  2 www-data www-data 312 Mar 21 10:52 .
drwxr-s---  8 www-data www-data 280 Mar 11 18:14 ..
lrwxrwxrwx  1 root     www-data  10 Mar 11 18:14 bp_cert.pem -> cacert.pem
lrwxrwxrwx  1 root     www-data  10 Mar 11 18:14 cacert.cer -> cacert.der
lrwxrwxrwx  1 root     www-data  10 Mar 11 18:14 cacert.crt -> cacert.pem
-rw-r--r--  1 www-data www-data   0 Mar 21 11:15 cacert.der
-rw-r--r--  1 www-data www-data   0 Mar 21 11:15 cacert.pem
-rw-r--r--  1 www-data www-data   0 Mar 21 11:15 cacert.txt
lrwxrwxrwx  1 root     www-data  10 Mar 11 18:14 keybackup_cert.pem ->
cacert.pem
lrwxrwxrwx  1 root     www-data  10 Mar 11 18:14 log_cert.pem -> cacert.pem

openca/var/crypto/certs:
total 0
drwxr-s---  2 www-data www-data  48 Mar 11 18:14 .
drwxr-s---  8 www-data www-data 280 Mar 11 18:14 ..

openca/var/crypto/chain:
total 4
drwxr-s---  2 www-data www-data  152 Mar 21 11:15 .
drwxr-s---  8 www-data www-data  280 Mar 11 18:14 ..
lrwxrwxrwx  1 www-data www-data   10 Mar 21 10:52 .0 -> cacert.crt
lrwxrwxrwx  1 www-data www-data   10 Mar 21 11:15 .1 -> cacert.crt
-rw-r--r--  1 pki      pki      1538 Mar 14 16:36 Makefile
-rw-r--r--  1 www-data www-data    0 Mar 21 11:15 cacert.crt

openca/var/crypto/crls:
total 0
drwxr-s---  2 www-data www-data  48 Mar 11 18:14 .
drwxr-s---  8 www-data www-data 280 Mar 11 18:14 ..

openca/var/crypto/keys:
total 0
drwxr-s---  2 www-data www-data 152 Mar 11 18:14 .
drwxr-s---  8 www-data www-data 280 Mar 11 18:14 ..
lrwxrwxrwx  1 root     www-data   9 Mar 11 18:14 bp_key.pem -> cakey.pem
lrwxrwxrwx  1 root     www-data   9 Mar 11 18:14 keybackup_key.pem ->
cakey.pem
lrwxrwxrwx  1 root     www-data   9 Mar 11 18:14 log_key.pem -> cakey.pem

openca/var/crypto/reqs:
total 0
drwxr-s---  2 www-data www-data  48 Mar 11 18:14 .
drwxr-s---  8 www-data www-data 280 Mar 11 18:14 ..

The only problem at this point is that the links bp_key.pem,
keybackup_key.pem and log_key.pem are dead links. Is that important,
at least at this stage?

As for the SQL database everything seems also fine:
$ LC_ALL=C psql -U openca openca-ra
Welcome to psql 7.4.7, the PostgreSQL interactive terminal.

Type:  \copyright for distribution terms
       \h for help with SQL commands
       \? for help on internal slash commands
       \g or terminate with semicolon to execute query
       \q to quit

openca-ra=> \d
            List of relations
 Schema |      Name      | Type  | Owner
--------+----------------+-------+--------
 public | ca_certificate | table | openca
 public | certificate    | table | openca
 public | crl            | table | openca
 public | crr            | table | openca
 public | request        | table | openca
(5 rows)

While I am waiting for any of your help I'm installing and configuring
a new CA + RA pair using the new OpenCA 0.9.2.2 code. Maybe this will
solve the problem but I'm not too confident :-(


--
Marc-Aur�le DARCHE
NUXEO (Paris, France)                     http://nuxeo.com/
Nuxeo Collaborative Portal Server (CPS)   http://www.cps-project.org/
Gestion de contenu web / portail collaboratif / logiciel libre

-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_ide95&alloc_id396&op=click
_______________________________________________
Openca-Users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openca-users

Re: [Openca-Users] Bug in RA when trying to consult or approve a CSR

Reply via email to