M.-A. DARCHE wrote:
Ives Steglich wrote:

now, we have the problem ;)
configuration doesn't export the ca-certs and crls (i think)
you should use ALL


Sorry, with this message I do not announce success yet :-\

I have reinstalled the CA server with 0.9.2.2 code from
scratch to be sure to have a clean situation.

Here is what I have on the CA server when it comes to the
certificates on the filesystem. Note that no file has 0 bytes ;-) :

/usr/local/pki-ca# ls -la openca/var/crypto/*
-rw-r----- 1 www-data www-data 3 Mar 21 14:08 openca/var/crypto/crlnumber
-rw-r--r-- 1 www-data www-data 99 Mar 21 14:23 openca/var/crypto/index.txt
-rw-r--r-- 1 www-data www-data 21 Mar 21 14:23 openca/var/crypto/index.txt.attr
-rw-r----- 1 www-data www-data 0 Mar 21 14:08 openca/var/crypto/index.txt.old
-rw-r--r-- 1 www-data www-data 3 Mar 21 14:23 openca/var/crypto/serial
-rw-r----- 1 www-data www-data 3 Mar 21 14:08 openca/var/crypto/serial.old


openca/var/crypto/cacerts:
total 20
drwxr-s--- 2 www-data www-data 312 Mar 21 14:19 .
drwxr-s--- 8 www-data www-data 400 Mar 21 14:23 ..
lrwxrwxrwx 1 root www-data 10 Mar 21 14:08 bp_cert.pem -> cacert.pem
lrwxrwxrwx 1 root www-data 10 Mar 21 14:08 cacert.cer -> cacert.der
lrwxrwxrwx 1 root www-data 10 Mar 21 14:08 cacert.crt -> cacert.pem
-rw-r--r-- 1 www-data www-data 1810 Mar 21 14:19 cacert.der
-rw-r--r-- 1 www-data www-data 2508 Mar 21 14:19 cacert.pem
-rw-r--r-- 1 www-data www-data 8412 Mar 21 14:19 cacert.txt
lrwxrwxrwx 1 root www-data 10 Mar 21 14:08 keybackup_cert.pem -> cacert.pem
lrwxrwxrwx 1 root www-data 10 Mar 21 14:08 log_cert.pem -> cacert.pem


openca/var/crypto/certs:
total 12
drwxr-s---  2 www-data www-data   72 Mar 21 14:23 .
drwxr-s---  8 www-data www-data  400 Mar 21 14:23 ..
-rw-r--r--  1 www-data www-data 9319 Mar 21 14:23 01.pem

openca/var/crypto/chain:
total 8
drwxr-s---  2 www-data www-data  136 Mar 21 14:20 .
drwxr-s---  8 www-data www-data  400 Mar 21 14:23 ..
lrwxrwxrwx  1 www-data www-data   10 Mar 21 14:20 2c6ab091.0 -> cacert.crt
-rw-r--r--  1 pki      pki      1538 Mar 21 14:08 Makefile
-rw-r--r--  1 www-data www-data 2508 Mar 21 14:19 cacert.crt

openca/var/crypto/crls:
total 0
drwxr-s---  2 www-data www-data  48 Mar 21 14:08 .
drwxr-s---  8 www-data www-data 400 Mar 21 14:23 ..

openca/var/crypto/keys:
total 8
drwxr-s--- 2 www-data www-data 208 Mar 21 14:23 .
drwxr-s--- 8 www-data www-data 400 Mar 21 14:23 ..
-rw------- 1 www-data www-data 1024 Mar 21 14:23 .rand
lrwxrwxrwx 1 root www-data 9 Mar 21 14:08 bp_key.pem -> cakey.pem
-rw-r--r-- 1 www-data www-data 3311 Mar 21 14:16 cakey.pem
lrwxrwxrwx 1 root www-data 9 Mar 21 14:08 keybackup_key.pem -> cakey.pem
lrwxrwxrwx 1 root www-data 9 Mar 21 14:08 log_key.pem -> cakey.pem


openca/var/crypto/reqs:
total 4
drwxr-s---  2 www-data www-data   80 Mar 21 14:19 .
drwxr-s---  8 www-data www-data  400 Mar 21 14:23 ..
-rw-r--r--  1 www-data www-data 1671 Mar 21 14:19 careq.pem


Is it normal that the openca/var/crypto/crls directory is empty? I'm asking because, Ives, you have mentioned it. At this time I haven't revoked any certificate, so this should be alright I guess.


The problem is in the exported tar archive. Whatever I do ("Enroll data -> All" or "Enroll data -> Certificates") it never contains any certificate. So for example here is the output of an "Enroll data -> All" command.

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Exporting all certificates to a lower level of the hierarchy ...
(Please wait until operation completes)
Exporting the Mails ... Exporting archive ...

Load required variables ...

Changing to directory /usr/local/pki-ca/openca/var/tmp/tmp_7580 ...

Running the export command(s) ...

/bin/tar -cvpf /usr/local/pki-ca/openca/var/tmp/down -C /usr/local/pki-ca/openca/var/tmp/tmp_7580 .

Archive created successfully.

Test the archive ...

/bin/tar -tvf /usr/local/pki-ca/openca/var/tmp/down

Clean up ...Ok.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

And here is the content of the "down" file:

/usr/local/pki-ca# tar tvf /usr/local/pki-ca/openca/var/tmp/down
drwx--S--- www-data/www-data 0 2005-03-21 14:54:50 ./
drwx--S--- www-data/www-data 0 2005-03-21 14:54:50 ./CRL/
drwx--S--- www-data/www-data 0 2005-03-21 14:54:50 ./CRL/VALID/
drwx--S--- www-data/www-data 0 2005-03-21 14:54:50 ./CRR/
drwx--S--- www-data/www-data 0 2005-03-21 14:54:50 ./CRR/NEW/
drwx--S--- www-data/www-data 0 2005-03-21 14:54:50 ./CRR/APPROVED/
drwx--S--- www-data/www-data 0 2005-03-21 14:54:50 ./CRR/ARCHIVED/
drwx--S--- www-data/www-data 0 2005-03-21 14:54:50 ./CRR/SIGNED/
drwx--S--- www-data/www-data 0 2005-03-21 14:54:50 ./CRR/PENDING/
drwx--S--- www-data/www-data 0 2005-03-21 14:54:50 ./CRR/DELETED/
drwx--S--- www-data/www-data 0 2005-03-21 14:54:50 ./LOG/
drwx--S--- www-data/www-data 0 2005-03-21 14:54:50 ./LOG/ALL/
drwx--S--- www-data/www-data 0 2005-03-21 14:54:50 ./LOG/ENROLL/
drwx--S--- www-data/www-data 0 2005-03-21 14:54:50 ./LOG/UPLOAD/
drwx--S--- www-data/www-data 0 2005-03-21 14:54:50 ./LOG/DOWNLOAD/
drwx--S--- www-data/www-data 0 2005-03-21 14:54:50 ./LOG/RECEIVE/
drwx--S--- www-data/www-data 0 2005-03-21 14:54:50 ./MAIL/
drwx--S--- www-data/www-data 0 2005-03-21 14:54:50 ./MAIL/CRINS/
drwx--S--- www-data/www-data 0 2005-03-21 14:54:50 ./MAIL/DEFAULT/
drwx--S--- www-data/www-data 0 2005-03-21 14:54:50 ./CA_CERTIFICATE/
drwx--S--- www-data/www-data 0 2005-03-21 14:54:50 ./CA_CERTIFICATE/VALID/
drwx--S--- www-data/www-data 0 2005-03-21 14:54:50 ./CA_CERTIFICATE/EXPIRED/
-rw-r--r-- www-data/www-data 1 2005-03-21 14:54:50 ./module.id
drwx--S--- www-data/www-data 0 2005-03-21 14:54:50 ./CERTIFICATE/
drwx--S--- www-data/www-data 0 2005-03-21 14:54:50 ./CERTIFICATE/VALID/
drwx--S--- www-data/www-data 0 2005-03-21 14:54:50 ./CERTIFICATE/SUSPENDED/
drwx--S--- www-data/www-data 0 2005-03-21 14:54:50 ./CERTIFICATE/EXPIRED/
drwx--S--- www-data/www-data 0 2005-03-21 14:54:50 ./CERTIFICATE/REVOKED/
drwx--S--- www-data/www-data 0 2005-03-21 14:54:50 ./REQUEST/
drwx--S--- www-data/www-data 0 2005-03-21 14:54:50 ./REQUEST/NEW/
drwx--S--- www-data/www-data 0 2005-03-21 14:54:50 ./REQUEST/APPROVED/
drwx--S--- www-data/www-data 0 2005-03-21 14:54:50 ./REQUEST/RENEW/
drwx--S--- www-data/www-data 0 2005-03-21 14:54:50 ./REQUEST/ARCHIVED/
drwx--S--- www-data/www-data 0 2005-03-21 14:54:50 ./REQUEST/SIGNED/
drwx--S--- www-data/www-data 0 2005-03-21 14:54:50 ./REQUEST/PENDING/
drwx--S--- www-data/www-data 0 2005-03-21 14:54:50 ./REQUEST/DELETED/


So how can I have an archive containing the ca certificate?


Cheers,

--
Marc-Aurèle DARCHE
NUXEO (Paris, France)                     http://nuxeo.com/
Nuxeo Collaborative Portal Server (CPS)   http://www.cps-project.org/
Web content management / collaborative portal / free software
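
A check for the symptom reported in this message (an export archive that tar creates and lists without error but that holds only empty directories), as an added example that is not part of the original post or of OpenCA. The function names and the file names inside the constructed sample archives are assumptions; only the directory names come from the listing above.

```shell
#!/bin/sh
# Added example: verify that an export archive actually carries certificates.

# count_files ARCHIVE SUBTREE
# Prints how many non-directory entries the archive stores under ./SUBTREE/.
count_files() {
    tar -tf "$1" | awk -v p="./$2/" \
        'index($0, p) == 1 && $0 !~ /\/$/ { n++ } END { print n + 0 }'
}

# check_export ARCHIVE
# Returns 0 only if both certificate subtrees hold at least one file.
check_export() {
    rc=0
    for subtree in CA_CERTIFICATE CERTIFICATE; do
        n=$(count_files "$1" "$subtree")
        echo "$subtree: $n file(s)"
        [ "$n" -gt 0 ] || rc=1
    done
    return "$rc"
}

# make_sample DIR WITH_CERT
# Constructed sample that mirrors the layout in the listing (not real data);
# the 1.pem names are placeholders, not OpenCA's actual export file names.
make_sample() {
    mkdir -p "$1/src/CA_CERTIFICATE/VALID" "$1/src/CERTIFICATE/VALID" \
             "$1/src/CRL/VALID"
    echo 1 > "$1/src/module.id"
    if [ "$2" = yes ]; then
        echo "placeholder" > "$1/src/CA_CERTIFICATE/VALID/1.pem"
        echo "placeholder" > "$1/src/CERTIFICATE/VALID/1.pem"
    fi
    tar -cpf "$1/down" -C "$1/src" .
}

# Demo: an archive with only directories fails the check, a populated one passes.
tmp=$(mktemp -d)
make_sample "$tmp/empty" no
make_sample "$tmp/full" yes
check_export "$tmp/empty/down" || echo "empty export: no certificates in archive"
check_export "$tmp/full/down" && echo "full export: ok"
rm -rf "$tmp"
```
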


