I am having some trouble with the auto certificate issuing daemon in OpenCA v 1.1.0. The daemon starts and successfully signs and returns a number of certificates, but then stops working without warning. I applied all the patches for v1.1.0 but it did not seem to help… I did notice that the published patches have a lower version number than the files that are included in the source for v1.1.0.
I am using libpki-0.6.5, openca-tools-1.3.0, and openca-base-1.1.0. All packages are built from source on CentOS 5.6 64-bit. After the auto daemon dies, its deactivation time is reported as “Wed Dec 31 19:00:00 1969”. Due to the “MySQL server has gone away” errors in the log file, I have tried increasing the MySQL database timeout to its maximum value of 31,536,000 seconds, but this did not seem to make a difference.

Max's post at http://sourceforge.net/mailarchive/forum.php?thread_name=4B835C8B.7060107%40cs.dartmouth.edu&forum_name=openca-users makes it sound like this problem has been fixed, but it is not clear to me in which version, or if I need to patch additional files to make this work reliably.

Relevant sections of stderr.log are as follows:

[Auto Certificate Issuing enabled via Web interface]
initServer: BrowserSupportedLanguage(s) [en-us,en;q=0.5]
initServer: BrowserSupportedCharset(s) []
select language: en
initServer: setLanguage: setEncoding for log return utf-8
initServer: setLanguage: en_GB :: utf-8
initServer: setLanguage: setEncoding for log return UTF-8
initServer: setLanguage: en_GB :: UTF-8
Issuing rollback() for database handle being DESTROY'd without explicit disconnect() at /opt/openca/lib/openca/perl_modules/perl5/OpenCA/DBI.pm line 900.
libGetPidProcessStatus::Pidfile does not exists!
cmds->advanced_csr: LOANames: 1
cmds->advanced_csr: LOANames: 2
cmds->advanced_csr: LOANames: 3
cmds->advanced_csr: LOANames: 4
cmds->advanced_csr: LOANames: 5
OpenCA::OpenSSL->_stop_shell: try to stop shell
OpenCA::OpenSSL->_stop_shell: try to stop shell
initServer: BrowserSupportedLanguage(s) [en-us,en;q=0.5]
initServer: BrowserSupportedCharset(s) []
select language: en
initServer: setLanguage: setEncoding for log return utf-8
initServer: setLanguage: en_GB :: utf-8
initServer: setLanguage: setEncoding for log return UTF-8
initServer: setLanguage: en_GB :: UTF-8
Issuing rollback() for database handle being DESTROY'd without explicit disconnect() at /opt/openca/lib/openca/perl_modules/perl5/OpenCA/DBI.pm line 900.
libGetPidProcessStatus::Pidfile does not exists!
OpenCA::Crypto->getToken: entering function
OpenCA::Crypto->getToken: CA
OpenCA::Crypto->getToken: token added
OpenCA::Crypto->getToken: token is present
OpenCA::Crypto->getToken: token is usable
OpenCA::OpenSSL->_stop_shell: try to stop shell
OpenCA::OpenSSL->_stop_shell: try to stop shell
initServer: BrowserSupportedLanguage(s) [en-us,en;q=0.5]
initServer: BrowserSupportedCharset(s) []
select language: en
initServer: setLanguage: setEncoding for log return utf-8
initServer: setLanguage: en_GB :: utf-8
initServer: setLanguage: setEncoding for log return UTF-8
initServer: setLanguage: en_GB :: UTF-8
Issuing rollback() for database handle being DESTROY'd without explicit disconnect() at /opt/openca/lib/openca/perl_modules/perl5/OpenCA/DBI.pm line 900.
OpenCA::Crypto->getToken: entering function
OpenCA::Crypto->getToken: CA
OpenCA::Crypto->getToken: token added
OpenCA::Crypto->getToken: token is present
OpenCA::Crypto->getToken: token is usable
OpenCA::OpenSSL->dataConvert: resetting error from -1 to 0.
OpenCA::OpenSSL->dataConvert: resetting errno from 7700110 to 0.
OpenCA::OpenSSL->setError: errno: 0
OpenCA::OpenSSL->setError: errval:
OpenCA::OpenSSL->dataConvert: passwd is set
OpenCA::OpenSSL->dataConvert: inpwd is set
OpenCA::OpenSSL->dataConvert: outpwd is set
OpenCA::OpenSSL->dataConvert: command=pkcs8 -passin env:inpwd -passout env:outpwd -out /opt/openca/var/openca/tmp/7484_cnv.tmp -in /opt/openca/var/openca/crypto/keys/cakey.pem -topk8 -outform PEM -inform PEM
OpenCA::OpenSSL->dataConvert: using infile
OpenCA::OpenSSL->_execute_command: entering function
OpenCA::OpenSSL->_start_shell: try to start shell
OpenCA::OpenSSL->_start_shell: | /usr/bin/openssl 1>/opt/openca/var/openca/tmp/7484_stdout.log 2>/opt/openca/var/openca/tmp/7484_stderr.log
OpenCA::OpenSSL->_start_shell: shell started
OpenCA::OpenSSL->_execute_command: pkcs8 -passin env:inpwd -passout env:outpwd -out /opt/openca/var/openca/tmp/7484_cnv.tmp -in /opt/openca/var/openca/crypto/keys/cakey.pem -topk8 -outform PEM -inform PEM
OpenCA::OpenSSL->_execute_command: executed
OpenCA::OpenSSL->_execute_command: command executed - stopping shell
OpenCA::OpenSSL->_stop_shell: try to stop shell
OpenCA::OpenSSL->_execute_command: check for error
OpenCA::OpenSSL->_execute_command: detected error log
OpenCA::OpenSSL->_execute_command: stderr:
OpenCA::OpenSSL->_execute_command: leaving successful (return: 1)
OpenCA::OpenSSL->dataConvert: openssl itself successful
OpenCA::OpenSSL->dataConvert: passphrases deleted
OpenCA::OpenSSL->dataConvert: return result like follows
OpenCA::OpenSSL->dataConvert: -----BEGIN ENCRYPTED PRIVATE KEY-----
[key omitted]
-----END ENCRYPTED PRIVATE KEY-----
DBD::mysql::db commit failed: MySQL server has gone away at /opt/openca/lib/openca/perl_modules/perl5/OpenCA/DBI.pm line 3549.
DBD::mysql::db commit failed: MySQL server has gone away at /opt/openca/lib/openca/perl_modules/perl5/OpenCA/DBI.pm line 3549.
OpenCA::OpenSSL->_stop_shell: try to stop shell
OpenCA::OpenSSL->_stop_shell: try to stop shell
[Begin certificate requests via SCEP interface]
[166 certificates successfully signed and returned]
DBD::mysql::db rollback failed: MySQL server has gone away at /opt/openca/lib/openca/perl_modules/perl5/OpenCA/DBI.pm line 3530.
OpenCA: General error trapped 700: The compilation of the command cmdStartAutoCA failed.
Can't use an undefined value as a HASH reference at /opt/openca/lib/openca/perl_modules/perl5/OpenCA/X509.pm line 671.<br>
Compilation failed in require at /opt/openca/etc/openca/openca_start line 65.
OpenCA::OpenSSL->_stop_shell: try to stop shell

I would appreciate any direction you can provide. Please let me know if any additional information would be helpful.

--
View this message in context: http://old.nabble.com/Auto-Certificate-Issuing-Daemon-dies-tp33934571p33934571.html
Sent from the openca-users mailing list archive at Nabble.com.