Hi Dave, I'll try to find out what happens looking at the source code: > In the RA and CA interface, I get an error: when exactly does this error occur? Immediately when you start up the server or when you try to log in? Or did you already log in and the error occurs when you try to call a command in the menu, and if so, which command? "Get Ca-Certificate" or any other command which needs the CA-Certificate e.g. to sign a request? > > Error Code: 6295020 > [initServer:314] Cannot load certificate > 7ba11e92ef0af195de8e5414a69e65dd41aa39b0 from the database.
initServer:314 is in src/common/lib/functions/initServer and it looks like a problem with access_control it could be a configuration problem. Have a look at those files: etc/openca/rbac/acl.xml etc/openca/access_control/*.xml and see if this makes sense. > With DEBUG turned on, I can see it is attempting to retrieve using the > wrong datatype and table: > > OpenCA::DBI->searchItems: OpenCA::DBI::errno: 0 > OpenCA::DBI->getArguments: entering function > OpenCA::DBI->getArguments: check: > KEY=7ba11e92ef0af195de8e5414a69e65dd41aa39b0 > OpenCA::DBI->getArguments: check: DATATYPE=CERTIFICATE > OpenCA::DBI->getArguments: TABLE:CERTIFICATE > OpenCA::DBI->getArguments: MODE: > > I'm not a perl expert, can someone help? You expect "CA_CERTIFICATE" here, right? I can find Error Code: 6295020 in src/modules/openca-ac/AC.pm >From the position where the error is triggered I would guess the connection to the database was successful, but no certificate was returned. The code first tries to get a "normal" certificate from the database and if the reply is empty, it queries for a CA certificate. The debug output should show up for both queries (if the key refers to the CA certificate) and the second one should be successful. Is the certificate with the above key in the database? Can you check this by means of an sqldump or using sql from the command line? If it is present, acls work fine and the database connection is ok, it might also be a session problem (you log in, but when you issue a command, somehow your browser does not properly send your session back to the server). Maybe there is some hint in the logs in var/log/xml/ (this is just a guess looking at what checkAccess in ./src/modules/openca-ac/AC.pm does.) Best regards, Martin ------------------------------------------------------------------------------ Open source business process management suite built on Java and Eclipse Turn processes into business applications with Bonita BPM Community Edition Quickly connect people, data, and systems into organized workflows Winner of BOSSIE, CODIE, OW2 and Gartner awards http://p.sf.net/sfu/Bonitasoft _______________________________________________ Openca-Users mailing list Openca-Users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openca-users
