Thanks, Dave. I put the key in the correct place, but the backup restore function did not ask for a password, so I put the password in the token.xml file. That allowed the restore to load all the files, or so it seemed. After what looke like a successful restore in the openca gui, I check the database, and there are no certs or crls or anything else. They are not in the crypto directories either. Even when run under debuggin, there'sno clear problem. When I looked at the mysql queries that were run, we get this:
62 Query update certificate set data='', format='' , status='', dn='', cn='', email='', role='', public_key='', req_key='', notbefore='', notafter='', suspended_after='', revoked_after='', invalidity_reason='', loa='' where cert_key='' note that all the fields are blank; the certificate table had 1 row in it, all blanks. Is it possible that the backup from 0.9.3 is not compatible with 1.5.1? I've been looking at the code, but have yet to understand what is happenning during this import. Does anyone have a clue what might be the problem? On Wed, Nov 27, 2013 at 2:27 PM, <blain...@gdls.com> wrote: > I believe you must copy the CA key in place (it is not in backup) > > Dave > > > ----- Original Message ----- > From: Mike Schmidt [mike.schm...@intello.com] > Sent: 11/26/2013 11:56 PM EST > To: "Users' Help and Suggestions" <openca-users@lists.sourceforge.net> > Subject: Re: [Openca-Users] Cannot restore backup from 1.9.3 on openca1.5.1 > > > > btw, when here is a part of the debug listing: > > OpenCA::OpenSSL->_execute_command: entering function > OpenCA::OpenSSL->_start_shell: try to start shell > OpenCA::OpenSSL->_start_shell: | /usr/bin/openssl > 1>/opt/openca/var/openca/tmp/26455_stdout.log > 2>/opt/openca/var/openca/tmp/26455_stderr.log > OpenCA::OpenSSL->_start_shell: shell started > OpenCA::OpenSSL->_execute_command: ca -gencrl -out > /opt/openca/var/openca/tmp/26455_crl.tmp -config > /opt/openca/etc/openca/openssl/openssl.cnf -keyfile > /opt/openca/var/openca/crypto/keys/cakey.pem -cert > /opt/openca/var/openca/crypto/cacerts/cacert.pem > > OpenCA::OpenSSL->_execute_command: executed > OpenCA::OpenSSL->_execute_command: command executed - stopping shell > OpenCA::OpenSSL->_stop_shell: try to stop shell > OpenCA::OpenSSL->_execute_command: check for error > OpenCA::OpenSSL->_execute_command: detected error log > OpenCA::OpenSSL->_execute_command: stderr: Using configuration from > /opt/openca/etc/openca/openssl/openssl.cnf > User interface error > unable to load CA private key > 139935115806536:error:0906A068:PEM routines:PEM_do_header:bad password > read:pem_lib.c:454: > error in ca > > OpenCA::OpenSSL->setError: errno: 7777067 > OpenCA::OpenSSL->setError: errval: Using configuration from > /opt/openca/etc/openca/openssl/openssl.cnf > User interface error > unable to load CA private key > 139935115806536:error:0906A068:PEM routines:PEM_do_header:bad password > read:pem_lib.c:454: > error in ca > > OpenCA::OpenSSL->setError: errno: 7733071 > OpenCA::OpenSSL->setError: errval: OpenCA::OpenSSL->issueCrl: OpenSSL > failed (7777067). Using configuration from > /opt/openca/etc/openca/openssl/openssl.cnf > User interface error > unable to load CA private key > 139935115806536:error:0906A068:PEM routines:PEM_do_header:bad password > read:pem_lib.c:454: > error in ca > > > > Finally, in another gterm window I find this: > > Enter pass phrase for /opt/openca/var/openca/crypto/keys/cakey.pem: > > > I'd really appreciate knowing how to solve this problem. Thank you in > advance for any ideas. > > > > On Tue, Nov 26, 2013 at 11:31 PM, Mike Schmidt <mike.schm...@intello.com> > wrote: >> After turning on debug (after figuring out how), I see that the >> problem the problem is that openssl does not have the password for the >> ca key. The database restore command does not ask for it, and I can't >> remember if it should be stored somewhere. I've also tried copying my >> db (mysql) from 0.9.3 and then converting it with the command on the >> CA init db page, but that also fails with the same problem. >> >> I need to migrate from the old machine, and cannot generate a new CA >> certificate, since I already have a large number of certificates in >> circulation. I nned to be able to migrate the old CA certificate. >> >> >> >> >> On Mon, Nov 25, 2013 at 9:13 AM, Mike Schmidt <mike.schm...@intello.com> >> wrote: >>> I've just installed openca 1.5.1 on Centos6.4 64bit, using the rpms >>> supplied by openca. >>> On trying to import my db backed up from openca 0.9.3rc1, I get the >>> following error: >>> >>> Test the archive ... >>> /bin/tar -tvf /tmp/openca_local >>> Importing archive ... >>> Load required variables ... >>> Changing to directory /opt/openca/var/openca/tmp/tmp_17807 ... >>> Running the import command(s) ... >>> /bin/tar -xvf /tmp/openca_local -C /opt/openca/var/openca/tmp/tmp_17807 >>> Importing valid CA_CERTIFICATE ... >>> Cleaning up the collected import logs ... >>> f91f78eff1be9458f571f895653435e57fe8b8c2.pem inserted >>> Importing expired CA_CERTIFICATE ... >>> Cleaning up the collected import logs ... >>> No objects are present. >>> Importing new CRR ... >>> Cleaning up the collected import logs ... >>> No objects are present. >>> Importing pending CRR ... >>> Cleaning up the collected import logs ... >>> No objects are present. >>> Importing signed CRR ... >>> Cleaning up the collected import logs ... >>> No objects are present. >>> Importing approved CRR ... >>> Cleaning up the collected import logs ... >>> No objects are present. >>> Importing archived CRR ... >>> Cleaning up the collected import logs ... >>> 18689.crr inserted >>> 20993.crr updated >>> 1537.crr updated >>> 10753.crr updated >>> 8705.crr updated >>> 21249.crr updated >>> 7169.crr updated >>> 11777.crr updated >>> 13057.crr updated >>> 14081.crr updated >>> 17153.crr updated >>> 1281.crr updated >>> 513.crr updated >>> 12545.crr updated >>> 20225.crr updated >>> 4609.crr updated >>> 19969.crr updated >>> 10241.crr updated >>> 17665.crr updated >>> 9473.crr updated >>> 17921.crr updated >>> 16641.crr updated >>> 15617.crr updated >>> 19713.crr updated >>> 14593.crr updated >>> 2561.crr updated >>> 22273.crr updated >>> 18945.crr updated >>> 3073.crr updated >>> 9729.crr updated >>> 6913.crr updated >>> 15361.crr updated >>> 8449.crr updated >>> 3841.crr updated >>> 10497.crr updated >>> 4097.crr updated >>> 21505.crr updated >>> 16897.crr updated >>> 9985.crr updated >>> 16129.crr updated >>> 12801.crr updated >>> 6401.crr updated >>> 17409.crr updated >>> 7425.crr updated >>> 11009.crr updated >>> 13825.crr updated >>> 12033.crr updated >>> 15873.crr updated >>> 3585.crr updated >>> 11265.crr updated >>> 2049.crr updated >>> 9217.crr updated >>> 257.crr updated >>> 3329.crr updated >>> 13569.crr updated >>> 11521.crr updated >>> 8193.crr updated >>> 769.crr updated >>> 7681.crr updated >>> 1025.crr updated >>> 8961.crr updated >>> 2817.crr updated >>> 14337.crr updated >>> 19457.crr updated >>> 20481.crr updated >>> 4353.crr updated >>> 18433.crr updated >>> 4865.crr updated >>> 2305.crr updated >>> 1793.crr updated >>> 19201.crr updated >>> 21761.crr updated >>> 13313.crr updated >>> 7937.crr updated >>> 22017.crr updated >>> 20737.crr updated >>> 5121.crr updated >>> 14849.crr updated >>> 12289.crr updated >>> 6657.crr updated >>> 15105.crr updated >>> 16385.crr updated >>> 18177.crr updated >>> Importing deleted CRR ... >>> Cleaning up the collected import logs ... >>> 5377.crr updated >>> 6145.crr updated >>> 5633.crr updated >>> 5889.crr updated >>> Importing valid CRL ... >>> Cleaning up the collected import logs ... >>> 20060505153209.pem inserted >>> >>> General Error >>> Error Code: 700 >>> The compilation of the command cmdImportDB failed. Can't call method >>> "setStatus" on an undefined value at >>> /opt/openca/lib/openca/perl_modules/perl5/OpenCA/DBI.pm line 3456. >>> >>> >>> There is nothing in the database (mysql) and nothing in stderr for this. >>> >>> Any ideas what I should be looking for? I untarred the backup and it >>> looks ok at first glance. >>> >>> -- >>> Mike SCHMIDT >>> CTO >>> Intello Technologies Inc. >>> mike.schm...@intello.com >>> Canada: 1-888-404-6261 x320 >>> USA: 1-888-404-6268 x320 >>> Mobile: 514-409-6898 >>> www.intello.com >> >> >> >> -- >> Mike SCHMIDT >> CTO >> Intello Technologies Inc. >> mike.schm...@intello.com >> Canada: 1-888-404-6261 x320 >> USA: 1-888-404-6268 x320 >> Mobile: 514-409-6898 >> www.intello.com > > > > -- > Mike SCHMIDT > CTO > Intello Technologies Inc. > mike.schm...@intello.com > Canada: 1-888-404-6261 x320 > USA: 1-888-404-6268 x320 > Mobile: 514-409-6898 > www.intello.com > > ------------------------------------------------------------------------------ > Rapidly troubleshoot problems before they affect your business. Most IT > organizations don't have a clear picture of how application performance > affects their revenue. With AppDynamics, you get 100% visibility into your > Java,.NET, & PHP application. Start your 15-day FREE TRIAL of AppDynamics Pro! > http://pubads.g.doubleclick.net/gampad/clk?id=84349351&iu=/4140/ostg.clktrk > _______________________________________________ > Openca-Users mailing list > Openca-Users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/openca-users > > ------------------------------------------------------------------------------ > Rapidly troubleshoot problems before they affect your business. Most IT > organizations don't have a clear picture of how application performance > affects their revenue. With AppDynamics, you get 100% visibility into your > Java,.NET, & PHP application. Start your 15-day FREE TRIAL of AppDynamics Pro! > http://pubads.g.doubleclick.net/gampad/clk?id=84349351&iu=/4140/ostg.clktrk > _______________________________________________ > Openca-Users mailing list > Openca-Users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/openca-users -- Mike SCHMIDT CTO Intello Technologies Inc. mike.schm...@intello.com Canada: 1-888-404-6261 x320 USA: 1-888-404-6268 x320 Mobile: 514-409-6898 www.intello.com ------------------------------------------------------------------------------ Rapidly troubleshoot problems before they affect your business. Most IT organizations don't have a clear picture of how application performance affects their revenue. With AppDynamics, you get 100% visibility into your Java,.NET, & PHP application. Start your 15-day FREE TRIAL of AppDynamics Pro! http://pubads.g.doubleclick.net/gampad/clk?id=84349351&iu=/4140/ostg.clktrk _______________________________________________ Openca-Users mailing list Openca-Users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openca-users
