Re: AW: AW: AW: AW: [Openca-Users] No certificates are present

Mon, 30 Jan 2006 04:16:05 -0800 

Sorry Mario, I did not see your first message.

As a matter of interest, I did not need to do any manual inserting of CA
certificate, it all went across nicely when we did the first transfer.
And our system uses mysql. Has an online and offline machine.

I suggest you need to concentrate your investigation on whats gone wrong
with the that first transfer ? I'd bet the problems can be traced to
there.

David

On Mon, 2006-01-30 at 12:53 +0100, Mario Caspari wrote:
> Hi David,
> 
> of course i've done the mysql setup and by initializing the CA the 
> Ca_Certificate was 

> inserted correctly into the mysql database on the ca node, also the 
> ca-admin's and 

> ra-admins certificates. On the ra node also the initializing process was done 
> properly. 

> Like I described last week,I've imported the ca_vcertificate to the ra-node 
> by hand, 

> also into the mysql database, by executing a sql insert statement. 

> The Public interface shows the Ca-Certificate correctly.
> 
> Regards Mario
> 
>  
> 
> > -----Ursprüngliche Nachricht-----
> > Von: [EMAIL PROTECTED] 
> > [mailto:[EMAIL PROTECTED] Im Auftrag 
> > von David Bannon
> > Gesendet: Montag, 30. Januar 2006 11:27
> > An: [email protected]
> > Betreff: Re: AW: AW: AW: [Openca-Users] No certificates are present
> > 
> > 
> > Mario, did you setup mysql ?  My install notes  include :
> > 
> > This is needed on Online and Offline. You will need to determine a
> > 'root' mysql passwd (in our case its the std master passwd we use for
> > MYSQL here at VPAC) and a user name and passwd that OpenCA can use to
> > talk to mysql, got to match those in the config.xml. Needless 
> > to say, we
> > don't use the ones below so make some changes before issuing these
> > commands.
> > 
> > mysql_install_db
> > 
> > You might need to add --skip-bdb into mysqld_safe line
> > in /etc/init.d/mysqld because of a centos bug (sometimes). see
> > http://bugs.centos.org/view.php?id=869
> > 
> > service mysqld start
> > /usr/bin/mysqladmin -u root password 'SOME_PASSWD'
> > /usr/bin/mysqladmin -u root -h ca.apac.edu.au password 'SOME_PASSWD'
> > 
> > connect to mysql as root and create an open ca account who can make a
> > database.
> > 
> > mysql -p 
> > GRANT create,drop,select,delete,insert,update ON openca_db.* 
> > TO 'openca_u'@'localhost' IDENTIFIED by 'USER_PW';
> > create database openca_db;
> > exit;
> >  
> > service mysqld start
> > 
> > David
> > 
> > 
> > On Mon, 2006-01-30 at 10:45 +0100, Mario Caspari wrote:
> > > Hello Georg,
> > > 
> > > The documentation says it supports either postgreSQL and 
> > mySQL...and in another testing environment which all things 
> > (ca + ra) on one machine it's already working. OK, I'll 
> > append the stderr.log to this posting.Is there something to 
> > do elsewhere the config.xml to set up the DBI mode for mysql? 
> > The dbi.conf.template is generated automatically. Perhaps 
> > there is to define the charset for the DBMS elsewhere? My 
> > install paramters where with-hiewrarchy-level=ca for the Ca 
> > and =ra for the online part, so I've got the right hierarchy setup.
> > > 
> > > PKI Master Alert: Logging error
> > > PKI Master Alert: Aborting all operations
> > > PKI Master Alert: Error:   64510030
> > > PKI Master Alert: Message: Das Hinzufügen einer Nachricht 
> > schlug für das Protokollierungssystem sys_syslog fehl 
> > (6511070). Es konnte nicht auf das Syslog-Gerät geschrieben werden.
> > > PKI Master Alert: debugging messages of logging follow
> > > OpenCA: Allgemeiner Fehler 6296060: Erlaubnis verweigert at 
> > /usr/OpenCA/modules/perl5/OpenCA/UI/HTML.pm line 179.
> > > Compilation failed in require at ./openca_start line 62.
> > > 2006/01/27-13:30:48 Server closing!
> > > DEBUG: OpenCA::DBI->new: checking for backend
> > > DEBUG: OpenCA::DBI->new: defining the class parameters
> > > DEBUG: OpenCA::DBI->new: rewrite table spaces if necessary 
> > (namespace)
> > > DEBUG: OpenCA::DBI->new: checking the configuration for enough data
> > > DEBUG: OpenCA::DBI->new: preparing the database (vendor dependent)
> > > DEBUG: OpenCA::DBI->new: mysql detected
> > > DEBUG: OpenCA::DBI->new: DB: 
> > dbi:mysql:database=openca;host=localhost;port=3306;mysql_ssl=0
> > > DEBUG: OpenCA::DBI->new: OpenCA::DBI should now complete
> > > DEBUG: OpenCA::DBI->Entering set_error ...
> > > DEBUG: OpenCA::DBI->errno: gettext is defined
> > > DEBUG: OpenCA::DBI->errno: old errno 11111 is present
> > > DEBUG: OpenCA::DBI->errno: new errorcode is 11111
> > > Process Backgrounded
> > > 2006/01/27-13:31:08 OpenCA::Server (type Net::Server::Fork) 
> > starting! pid(3465)
> > > Binding to UNIX socket file 
> > /var/lib/openca/tmp/openca_socket using SOCK_STREAM
> > > Setting gid to "33 33"
> > > Setting uid to "33"
> > > DEBUG: OpenCA::DBI->DESTROY: automatic commit by destructor DESTROY
> > > DEBUG: OpenCA::DBI->commit: entering function
> > > DEBUG: OpenCA::DBI->errno: returning local errorcode 0
> > > DEBUG: OpenCA::DBI->Entering set_error ...
> > > DEBUG: OpenCA::DBI->errno: gettext is defined
> > > 2006/01/30-07:25:38 Server closing!
> > > DEBUG: OpenCA::DBI->DESTROY: automatic commit by destructor DESTROY
> > > DEBUG: OpenCA::DBI->commit: entering function
> > > DEBUG: OpenCA::DBI->errno: returning local errorcode 0
> > > DEBUG: OpenCA::DBI->Entering set_error ...
> > > DEBUG: OpenCA::DBI->errno: gettext is defined
> > > DEBUG: OpenCA::DBI->new: checking for backend
> > > DEBUG: OpenCA::DBI->new: defining the class parameters
> > > DEBUG: OpenCA::DBI->new: rewrite table spaces if necessary 
> > (namespace)
> > > DEBUG: OpenCA::DBI->new: checking the configuration for enough data
> > > DEBUG: OpenCA::DBI->new: preparing the database (vendor dependent)
> > > DEBUG: OpenCA::DBI->new: mysql detected
> > > DEBUG: OpenCA::DBI->new: DB: 
> > dbi:mysql:database=openca;host=localhost;port=3306;mysql_ssl=0
> > > DEBUG: OpenCA::DBI->new: OpenCA::DBI should now complete
> > > DEBUG: OpenCA::DBI->Entering set_error ...
> > > DEBUG: OpenCA::DBI->errno: gettext is defined
> > > DEBUG: OpenCA::DBI->errno: old errno 11111 is present
> > > DEBUG: OpenCA::DBI->errno: new errorcode is 11111
> > > Process Backgrounded
> > > 2006/01/30-07:26:00 OpenCA::Server (type Net::Server::Fork) 
> > starting! pid(4750)
> > > Binding to UNIX socket file 
> > /var/lib/openca/tmp/openca_socket using SOCK_STREAM
> > > Setting gid to "33 33"
> > > Setting uid to "33"
> > > DEBUG: OpenCA::DBI->DESTROY: automatic commit by destructor DESTROY
> > > 
> > > Somebody knows what's running wrong here?
> > > 
> > > Greetings Mario
> > > 
> > > > -----Ursprüngliche Nachricht-----
> > > > Von: [EMAIL PROTECTED] 
> > > > [mailto:[EMAIL PROTECTED] Im Auftrag 
> > > > von Georg Lippold
> > > > Gesendet: Samstag, 28. Januar 2006 13:35
> > > > An: [email protected]
> > > > Betreff: Re: AW: AW: [Openca-Users] No certificates are present
> > > > 
> > > > Hello Mario,
> > > > 
> > > > I also experienced some problems with mysql, but I don't remember
> > > > exactly which. Finally, I settled for postgresql and 
> > everything runs
> > > > smooth now. IIRC the documentation doesn't recommend 
> > mysql but rather
> > > > postgresql or some other "real" database.
> > > > 
> > > > Greetings,
> > > > 
> > > > Georg
> > > > 
> > > > Mario Caspari wrote:
> > > > > Hello Georg,
> > > > > 
> > > > > Thanx for your answer.
> > > > > I already did this, and I only found the directory 
> > > > structure, but it was empty...no files in it...so I went to 
> > > > copy the cacerts by hand, like Til advised. Than I went to 
> > > > create a normal users certifcate over the pub interface, 
> > > > signed it by the RA-Admin's certificate and tried to import 
> > > > it to the higher level, the CA, to sign it. But here also the 
> > > > structure was created, but without contents. So, importing it 
> > > > to the CA failed, of course. Perhaps there is a problem with 
> > > > the mysql database, but the ra and the ca interfaces are able 
> > > > to write into it. But the dataexchange scripts are possibly 
> > > > not able to start a select query during the export 
> > process from mysql?
> > > > > 
> > > > > Regards Mario
> > > > >  
> > > > > 
> > > > > 
> > > > >>-----Ursprüngliche Nachricht-----
> > > > >>Von: [EMAIL PROTECTED] 
> > > > >>[mailto:[EMAIL PROTECTED] Im Auftrag 
> > > > >>von Georg Lippold
> > > > >>Gesendet: Freitag, 27. Januar 2006 12:14
> > > > >>An: [email protected]
> > > > >>Betreff: Re: AW: [Openca-Users] No certificates are present
> > > > >>
> > > > >>Hi Mario,
> > > > >>
> > > > >>the file on the disk is a tar file. You should be able 
> > to extract it
> > > > >>somewhere and examine its contents. If you can't find any 
> > > > certificates
> > > > >>in it, it is probably a bug.
> > > > >>
> > > > >>Greetings,
> > > > >>
> > > > >>Georg
> > > > >>
> > > > >>Mario Caspari wrote:
> > > > >>
> > > > >>>Hello,
> > > > >>>
> > > > >>>Thanks for your hints ;-), but if that behaviour is a bug, 
> > > > >>
> > > > >>I'm wondering that there is no message about it?
> > > > >>
> > > > >>>Regards, Mario
> > > > >>>
> > > > >>> 
> > > > >>>
> > > > >>>
> > > > >>>
> > > > >>>>-----Ursprüngliche Nachricht-----
> > > > >>>>Von: [EMAIL PROTECTED] 
> > > > >>>>[mailto:[EMAIL PROTECTED] Im Auftrag 
> > > > >>>>von Obes, Til
> > > > >>>>Gesendet: Freitag, 27. Januar 2006 08:06
> > > > >>>>An: [email protected]
> > > > >>>>Betreff: RE: [Openca-Users] No certificates are present
> > > > >>>>
> > > > >>>>
> > > > >>>>
> > > > >>>>
> > > > >>>>>hmmm.nobody is answering to my question.
> > > > >>>>>
> > > > >>>>>Nobody knows or it has been answered already one 
> > million times?
> > > > >>>>>Anyway, I can't find the answers, so I'm also happy 
> > with a hint 
> > > > >>>>>where to look. 
> > > > >>>>
> > > > >>>>3 hints:
> > > > >>>>- dont write hmtl emails
> > > > >>>>- make wraps after 80 chars
> > > > >>>>- that could be a bug, because if i remember right, i had 
> > > > >>>> to copy them by hand
> > > > >>>>
> > > > >>>>Regards
> > > > >>>>Til
> > > > >>>>
> > > > >>>
> > > > >>>
> > > > >>>
> > > > >>>-------------------------------------------------------
> > > > >>>This SF.net email is sponsored by: Splunk Inc. Do you grep 
> > > > >>
> > > > >>through log files
> > > > >>
> > > > >>>for problems?  Stop!  Download the new AJAX search engine 
> > > > that makes
> > > > >>>searching your log files as easy as surfing the  web.  
> > > > >>
> > > > >>DOWNLOAD SPLUNK!
> > > > >>
> > > > 
> > >>>http://sel.as-us.falkag.net/sel?cmd=k&kid3432&bid#0486&dat1642
> > > > >>>_______________________________________________
> > > > >>>Openca-Users mailing list
> > > > >>>[email protected]
> > > > >>>https://lists.sourceforge.net/lists/listinfo/openca-users
> > > > >>>
> > > > >>>
> > > > >>
> > > > >>
> > > > >>-------------------------------------------------------
> > > > >>This SF.net email is sponsored by: Splunk Inc. Do you grep 
> > > > >>through log files
> > > > >>for problems?  Stop!  Download the new AJAX search 
> > engine that makes
> > > > >>searching your log files as easy as surfing the  web.  
> > > > >>DOWNLOAD SPLUNK!
> > > > >>http://sel.as-us.falkag.net/sel?cmd=k&kid3432&bid#0486&dat1642
> > > > >>_______________________________________________
> > > > >>Openca-Users mailing list
> > > > >>[email protected]
> > > > >>https://lists.sourceforge.net/lists/listinfo/openca-users
> > > > >>
> > > > > 
> > > > > 
> > > > > 
> > > > > -------------------------------------------------------
> > > > > This SF.net email is sponsored by: Splunk Inc. Do you grep 
> > > > through log files
> > > > > for problems?  Stop!  Download the new AJAX search 
> > engine that makes
> > > > > searching your log files as easy as surfing the  web.  
> > > > DOWNLOAD SPLUNK!
> > > > > http://sel.as-us.falkag.net/sel?cmd=k&kid3432&bid#0486&dat1642
> > > > > _______________________________________________
> > > > > Openca-Users mailing list
> > > > > [email protected]
> > > > > https://lists.sourceforge.net/lists/listinfo/openca-users
> > > > > 
> > > > > 
> > > > 
> > > > 
> > > > -------------------------------------------------------
> > > > This SF.net email is sponsored by: Splunk Inc. Do you grep 
> > > > through log files
> > > > for problems?  Stop!  Download the new AJAX search engine 
> > that makes
> > > > searching your log files as easy as surfing the  web.  
> > > > DOWNLOAD SPLUNK!
> > > > http://sel.as-us.falkag.net/sel?cmd=k&kid3432&bid#0486&dat1642
> > > > _______________________________________________
> > > > Openca-Users mailing list
> > > > [email protected]
> > > > https://lists.sourceforge.net/lists/listinfo/openca-users
> > > > 
> > > 
> > > 
> > > -------------------------------------------------------
> > > This SF.net email is sponsored by: Splunk Inc. Do you grep 
> > through log files
> > > for problems?  Stop!  Download the new AJAX search engine that makes
> > > searching your log files as easy as surfing the  web.  
> > DOWNLOAD SPLUNK!
> > > http://sel.as-us.falkag.net/sel?cmd=lnk&kid3432&bid#0486&dat1642
> > > _______________________________________________
> > > Openca-Users mailing list
> > > [email protected]
> > > https://lists.sourceforge.net/lists/listinfo/openca-users
> > 
> > 
> > 
> > -------------------------------------------------------
> > This SF.net email is sponsored by: Splunk Inc. Do you grep 
> > through log files
> > for problems?  Stop!  Download the new AJAX search engine that makes
> > searching your log files as easy as surfing the  web.  
> > DOWNLOAD SPLUNK!
> > http://sel.as-us.falkag.net/sel?cmd=k&kid3432&bid#0486&dat1642
> > _______________________________________________
> > Openca-Users mailing list
> > [email protected]
> > https://lists.sourceforge.net/lists/listinfo/openca-users
> > 
> 
> 
> -------------------------------------------------------
> This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
> for problems?  Stop!  Download the new AJAX search engine that makes
> searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
> http://sel.as-us.falkag.net/sel?cmd=lnk&kid3432&bid#0486&dat1642
> _______________________________________________
> Openca-Users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/openca-users



-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid3432&bid#0486&dat1642
_______________________________________________
Openca-Users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openca-users

Reply via email to