I believe you must copy the CA key in place (it is not in backup)

Dave


----- Original Message -----
From: Mike Schmidt [mike.schm...@intello.com]
Sent: 11/26/2013 11:56 PM EST
To: "Users' Help and Suggestions" <openca-users@lists.sourceforge.net>
Subject: Re: [Openca-Users] Cannot restore backup from 1.9.3 on openca1.5.1



btw, here is a part of the debug listing:

OpenCA::OpenSSL->_execute_command: entering function
OpenCA::OpenSSL->_start_shell: try to start shell
OpenCA::OpenSSL->_start_shell: | /usr/bin/openssl
1>/opt/openca/var/openca/tmp/26455_stdout.log
2>/opt/openca/var/openca/tmp/26455_stderr.log
OpenCA::OpenSSL->_start_shell: shell started
OpenCA::OpenSSL->_execute_command: ca -gencrl -out
/opt/openca/var/openca/tmp/26455_crl.tmp -config
/opt/openca/etc/openca/openssl/openssl.cnf -keyfile
/opt/openca/var/openca/crypto/keys/cakey.pem -cert
/opt/openca/var/openca/crypto/cacerts/cacert.pem

OpenCA::OpenSSL->_execute_command: executed
OpenCA::OpenSSL->_execute_command: command executed - stopping shell
OpenCA::OpenSSL->_stop_shell: try to stop shell
OpenCA::OpenSSL->_execute_command: check for error
OpenCA::OpenSSL->_execute_command: detected error log
OpenCA::OpenSSL->_execute_command: stderr: Using configuration from
/opt/openca/etc/openca/openssl/openssl.cnf
User interface error
unable to load CA private key
139935115806536:error:0906A068:PEM routines:PEM_do_header:bad password
read:pem_lib.c:454:
error in ca

OpenCA::OpenSSL->setError: errno: 7777067
OpenCA::OpenSSL->setError: errval: Using configuration from
/opt/openca/etc/openca/openssl/openssl.cnf
User interface error
unable to load CA private key
139935115806536:error:0906A068:PEM routines:PEM_do_header:bad password
read:pem_lib.c:454:
error in ca

OpenCA::OpenSSL->setError: errno: 7733071
OpenCA::OpenSSL->setError: errval: OpenCA::OpenSSL->issueCrl: OpenSSL
failed (7777067). Using configuration from
/opt/openca/etc/openca/openssl/openssl.cnf
User interface error
unable to load CA private key
139935115806536:error:0906A068:PEM routines:PEM_do_header:bad password
read:pem_lib.c:454:
error in ca



Finally, in another gterm window I find this:

Enter pass phrase for /opt/openca/var/openca/crypto/keys/cakey.pem:


I'd really appreciate knowing how to solve this problem. Thank you in
advance for any ideas.



On Tue, Nov 26, 2013 at 11:31 PM, Mike Schmidt <mike.schm...@intello.com> wrote:
> After turning on debug (after figuring out how), I see that the
> problem is that openssl does not have the password for the
> ca key. The database restore command does not ask for it, and I can't
> remember if it should be stored somewhere. I've also tried copying my
> db (mysql) from 0.9.3 and then converting it with the command on the
> CA init db page, but that also fails with the same problem.
>
> I need to migrate from the old machine, and cannot generate a new CA
> certificate, since I already have a large number of certificates in
> circulation. I need to be able to migrate the old CA certificate.
>
>
>
>
> On Mon, Nov 25, 2013 at 9:13 AM, Mike Schmidt <mike.schm...@intello.com> 
> wrote:
>> I've just installed openca 1.5.1 on Centos6.4 64bit, using the rpms
>> supplied by openca.
>> On trying to import my db backed up from openca 0.9.3rc1, I get the
>> following error:
>>
>>  Test the archive ...
>> /bin/tar -tvf /tmp/openca_local
>> Importing archive ...
>> Load required variables ...
>>  Changing to directory /opt/openca/var/openca/tmp/tmp_17807 ...
>>  Running the import command(s) ...
>>  /bin/tar -xvf /tmp/openca_local -C /opt/openca/var/openca/tmp/tmp_17807
>> Importing valid CA_CERTIFICATE ...
>> Cleaning up the collected import logs ...
>>  f91f78eff1be9458f571f895653435e57fe8b8c2.pem inserted
>> Importing expired CA_CERTIFICATE ...
>> Cleaning up the collected import logs ...
>>  No objects are present.
>> Importing new CRR ...
>> Cleaning up the collected import logs ...
>>  No objects are present.
>> Importing pending CRR ...
>> Cleaning up the collected import logs ...
>>  No objects are present.
>> Importing signed CRR ...
>> Cleaning up the collected import logs ...
>>  No objects are present.
>> Importing approved CRR ...
>> Cleaning up the collected import logs ...
>>  No objects are present.
>> Importing archived CRR ...
>> Cleaning up the collected import logs ...
>>  18689.crr inserted
>>  20993.crr updated
>>  1537.crr updated
>>  10753.crr updated
>>  8705.crr updated
>>  21249.crr updated
>>  7169.crr updated
>>  11777.crr updated
>>  13057.crr updated
>>  14081.crr updated
>>  17153.crr updated
>>  1281.crr updated
>>  513.crr updated
>>  12545.crr updated
>>  20225.crr updated
>>  4609.crr updated
>>  19969.crr updated
>>  10241.crr updated
>>  17665.crr updated
>>  9473.crr updated
>>  17921.crr updated
>>  16641.crr updated
>>  15617.crr updated
>>  19713.crr updated
>>  14593.crr updated
>>  2561.crr updated
>>  22273.crr updated
>>  18945.crr updated
>>  3073.crr updated
>>  9729.crr updated
>>  6913.crr updated
>>  15361.crr updated
>>  8449.crr updated
>>  3841.crr updated
>>  10497.crr updated
>>  4097.crr updated
>>  21505.crr updated
>>  16897.crr updated
>>  9985.crr updated
>>  16129.crr updated
>>  12801.crr updated
>>  6401.crr updated
>>  17409.crr updated
>>  7425.crr updated
>>  11009.crr updated
>>  13825.crr updated
>>  12033.crr updated
>>  15873.crr updated
>>  3585.crr updated
>>  11265.crr updated
>>  2049.crr updated
>>  9217.crr updated
>>  257.crr updated
>>  3329.crr updated
>>  13569.crr updated
>>  11521.crr updated
>>  8193.crr updated
>>  769.crr updated
>>  7681.crr updated
>>  1025.crr updated
>>  8961.crr updated
>>  2817.crr updated
>>  14337.crr updated
>>  19457.crr updated
>>  20481.crr updated
>>  4353.crr updated
>>  18433.crr updated
>>  4865.crr updated
>>  2305.crr updated
>>  1793.crr updated
>>  19201.crr updated
>>  21761.crr updated
>>  13313.crr updated
>>  7937.crr updated
>>  22017.crr updated
>>  20737.crr updated
>>  5121.crr updated
>>  14849.crr updated
>>  12289.crr updated
>>  6657.crr updated
>>  15105.crr updated
>>  16385.crr updated
>>  18177.crr updated
>> Importing deleted CRR ...
>> Cleaning up the collected import logs ...
>>  5377.crr updated
>>  6145.crr updated
>>  5633.crr updated
>>  5889.crr updated
>> Importing valid CRL ...
>> Cleaning up the collected import logs ...
>>  20060505153209.pem inserted
>>
>> General Error
>> Error Code: 700
>>   The compilation of the command cmdImportDB failed. Can't call method
>> "setStatus" on an undefined value at
>> /opt/openca/lib/openca/perl_modules/perl5/OpenCA/DBI.pm line 3456.
>>
>>
>> There is nothing in the database (mysql) and nothing in stderr for this.
>>
>> Any ideas what I should be looking for? I untarred the backup and it
>> looks ok at first glance.
>>
>> --
>> Mike SCHMIDT
>> CTO
>> Intello Technologies Inc.
>> mike.schm...@intello.com
>> Canada: 1-888-404-6261 x320
>> USA: 1-888-404-6268 x320
>> Mobile: 514-409-6898
>> www.intello.com
>
>
>
> --
> Mike SCHMIDT
> CTO
> Intello Technologies Inc.
> mike.schm...@intello.com
> Canada: 1-888-404-6261 x320
> USA: 1-888-404-6268 x320
> Mobile: 514-409-6898
> www.intello.com



-- 
Mike SCHMIDT
CTO
Intello Technologies Inc.
mike.schm...@intello.com
Canada: 1-888-404-6261 x320
USA: 1-888-404-6268 x320
Mobile: 514-409-6898
www.intello.com

_______________________________________________
Openca-Users mailing list
Openca-Users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openca-users
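
The two failure modes in this thread (the CA key is not part of the backup, and openssl reports `bad password read` when loading it) can be checked on the new host before re-running the import or CRL generation. This is an added example, not part of the original messages or of OpenCA: the function name, exit codes and passphrase file are assumptions, and the key and certificate paths in the usage comment are the ones shown in the debug listing.

```shell
#!/bin/sh
# Added example: verify a migrated CA private key against the restored CA
# certificate. check_ca_key and its exit codes are hypothetical names chosen
# for this example.
#
# check_ca_key KEY CERT PASSFILE
#   0  key decrypts with the passphrase and matches the certificate
#   1  key, certificate or passphrase file is missing or unreadable
#   2  passphrase does not decrypt the key (the "bad password read" case)
#   3  key decrypts but does not belong to this certificate
check_ca_key() {
    key=$1
    cert=$2
    passfile=$3

    [ -r "$key" ] && [ -r "$cert" ] && [ -r "$passfile" ] || return 1

    # Derive the public key from the private key without prompting; the
    # passphrase is read from a file so it never appears in the process list.
    key_pub=$(openssl pkey -in "$key" -passin "file:$passfile" -pubout 2>/dev/null) || return 2

    # Public key embedded in the CA certificate restored from the backup.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 1

    # Certificates already in circulation only validate if these are identical.
    [ "$key_pub" = "$cert_pub" ] || return 3
    return 0
}

# Usage with the paths from the debug listing (the passphrase file path is an
# assumption; create it with mode 0600 and remove it afterwards):
#   check_ca_key /opt/openca/var/openca/crypto/keys/cakey.pem \
#                /opt/openca/var/openca/crypto/cacerts/cacert.pem \
#                /root/ca.pass; echo "result: $?"
```

A result of 3 means the key copied into place is not the one that signed the existing certificates, so it must not be used to issue CRLs for them.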
