Sorry for the late answer, I wanted to do many tests before making sound
on the list.
Jorge Davila wrote:
> If this is not the first try to initialize the RA you can drop/create
> the database for RA and inspect the $OPENCADIR/var/crypto directories to
> search for the old certs that were created in the first tries. Of course,
> revoke the old certs,
As you suggested I have revoked all the certificates of my CA except
those of the CA administrator, the RA administrator and those of three
colleagues who are working with the PKI.
The revocations went fine for all those certificates. But afterward
the request certification with the USB token failed nonetheless :-(
I wish to add that I could never achieve a certificate generation with
the USB token, so there cannot be in the CA/RA any certificate
previously generated through the USB token.
Here is a listing of $OPENCADIR/var/crypto/certs, which holds the only
certs I could find except the classical certs and private keys of the
CA itself.
$ ls openca/var/crypto/certs/
total 221
drwxr-s--- 2 www-data www-data 696 Jun 21 17:25 .
drwxr-s--- 8 www-data www-data 472 Jun 28 15:30 ..
-rw-r--r-- 1 www-data www-data 9319 Mar 21 14:23 01.pem
-rw-r--r-- 1 www-data www-data 7669 Mar 21 17:30 02.pem
-rw-r--r-- 1 www-data www-data 7516 Mar 23 11:57 03.pem
-rw-r--r-- 1 www-data www-data 7250 Mar 23 12:21 04.pem
-rw-r--r-- 1 www-data www-data 7304 Mar 23 12:46 05.pem
-rw-r--r-- 1 www-data www-data 7250 Mar 23 16:33 06.pem
-rw-r--r-- 1 www-data www-data 7274 Mar 23 17:56 07.pem
-rw-r--r-- 1 www-data www-data 7514 Mar 23 18:04 08.pem
-rw-r--r-- 1 www-data www-data 7245 Mar 25 16:01 09.pem
-rw-r--r-- 1 www-data www-data 7253 Mar 25 16:19 0A.pem
-rw-r--r-- 1 www-data www-data 7251 Mar 25 16:43 0B.pem
-rw-r--r-- 1 www-data www-data 7252 Mar 25 16:49 0C.pem
-rw-r--r-- 1 www-data www-data 7258 Mar 25 17:15 0D.pem
-rw-r--r-- 1 www-data www-data 7258 Mar 25 17:34 0E.pem
-rw-r--r-- 1 www-data www-data 7251 Mar 29 14:58 0F.pem
-rw-r--r-- 1 www-data www-data 7408 Mar 29 15:34 10.pem
-rw-r--r-- 1 www-data www-data 7402 Mar 29 15:46 11.pem
-rw-r--r-- 1 www-data www-data 7402 Mar 29 16:38 12.pem
-rw-r--r-- 1 www-data www-data 6677 Mar 29 17:04 13.pem
-rw-r--r-- 1 www-data www-data 7443 Mar 29 17:34 14.pem
-rw-r--r-- 1 www-data www-data 7195 Mar 30 17:12 15.pem
-rw-r--r-- 1 www-data www-data 7163 Mar 30 17:18 16.pem
-rw-r--r-- 1 www-data www-data 7163 Apr 1 11:32 17.pem
-rw-r--r-- 1 www-data www-data 7176 Apr 1 11:54 18.pem
-rw-r--r-- 1 www-data www-data 7198 Apr 20 14:20 19.pem
-rw-r--r-- 1 www-data www-data 7139 Jun 21 15:37 1A.pem
-rw-r--r-- 1 www-data www-data 6427 Jun 21 17:25 1B.pem
> too you can try to delete the key (primary keys
> of the old certs in the database located in the CA - not private keys)
Are you talking about removing entries in the SQL database?
Which entries should I remove? Could you be a bit more
specific please, I don't want to mess up the whole installation if
possible.
Jorge, did I give you enough information for a possible diagnostic?
Cheers,
--
Marc-Aurèle DARCHE
NUXEO (Paris, France) http://nuxeo.com/
Nuxeo Collaborative Portal Server (CPS) http://www.cps-project.org/
Web content management / collaborative portal / free software