> To move & upgrade my CA I did... > > 1) Old node of ca/ra I made a backup. > 2) Configure config.xml and run configure_etc.sh > 3) Copy var/crypto/keys/cakey.pem > 4) run openca_start > 5) New node of ca/ra... > Administration->Backup and Recovery > Initialize Database ( ok ) > Restore Database ( ok ) > Rebuild OpenSSL's database and next serialnumber > > ---Issue--- > > Try to recover OpenSSL's index database > (Please wait until operation completes) > Create backups of index.txt and serial ... > > /home/openca/offline/Elysium_Open_Systems_root_CA/var/crypto/index.txt > > /home/openca/offline/Elysium_Open_Systems_root_CA/var/crypto/serial > > Loading the Objects ... > > VALID_CA_CERTIFICATE: 7FFFFFFF
I've lost begginig of the thread, but this is indeed BigInt serial issue specific to Debian's openssl. CA's certificate serial number is cause of that. You have two options: 1st. use bigint patches from debian/patches on CVS. But on production system I'd recomend to test those patches first. 2nd. Perhaps at that step of recovery, database objects were restored already from the backup, so you just may copy index.txt, crlnumber and serial from the old installation, as somebody sugested already. Best wishes -- Alexei Chetroi Smile... Tomorrow will be worse. (c) Murphy's Law ------------------------------------------------------- This SF.Net email is sponsored by: Power Architecture Resource Center: Free content, downloads, discussions, and more. http://solutions.newsforge.com/ibmarch.tmpl _______________________________________________ Openca-Users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openca-users
