Hi Jeff, it looks like IP in SAN is broken at the moment by this bug https://github.com/openxpki/openxpki/issues/642
We have reworked the SAN handling earlier this year to support external CAs which very likely introduced this. As we don't recommend IP in SAN (and have not a single customer using this) we don't had this on the test list :( Oliver Am 12.11.20 um 14:55 schrieb Jefferson Dümes: > Hi Oliver, > > Thanks a lot for your reply. > As you mentioned,"no need to upgrade the database schema when > upgrading versions" but I forgot to mention that I changed the > database type to MariaDB and that was causing the problem. > > Now I am recalling why I did not upgrade OpenXPKI before. I just tried > it on the online demo. If you look there you can see many certificates > with subject "CN=mynode,OU=MyDept,O=MyOrg,C=DE" but I just requested > one. The thing is, I requested it with IP in SAN. That makes the > workflow go crazy and issues the certificate on a loop. I can not > retrieve the private Key of those certificates. > > Is there a way to use SAN-IP without having this problem ? > > Regards, > Jeff > > > On Tue, 10 Nov 2020 at 18:43, Oliver Welter <[email protected] > <mailto:[email protected]>> wrote: > > Hi Jeff, > > it is totally fine to use the old database with the old schema > with the new release. There is no need to upgrade the database > schema when upgrading versions as long as we dont give this > information in the release notes (and usually there is no need). > > Your "problem" is that you try to overwrite the new sequences with > the old sequence emulation data - so either you fix this by hand > or go with the old database. > > Oliver > > Am 10.11.20 um 18:00 schrieb Jefferson Dümes: >> Hi People, >> >> I have a dump from my original DB (SELECT VERSION(); >> 10.1.38-MariaDB-1~jessie) which holds the data for the v3.2.1: >> >> mysqldump -h myProdMariaDb --user=openxpki --password \ >> --lock-tables \ >> --databases openxpki > *openxpki-bkp.sql* >> >> And now I was trying to put it on a local DB (SELECT VERSION(); >> 10.5.7-MariaDB-1:10.5.7+maria~buster), in order to upgrade this >> installation to version 3.8. >> >> In local MariaDB I already created an empty database and assign a >> database user: >> CREATE DATABASE openxpki CHARSET utf8; >> CREATE USER 'openxpki'@'localhost' IDENTIFIED BY 'openxpki'; >> GRANT ALL ON openxpki.* TO 'openxpki'@'localhost'; >> flush privileges; mysql -u openxpki -popenxpki openxpki < >> *openxpki-bkp.sql* >> This worked as expected. Then I tried to: >> git clone https://github.com/openxpki/openxpki-config.git >> --branch=community /etc/openxpki-3.8 mysql -u openxpki -popenxpki >> openxpki < /etc/openxpki-3.8/contrib/sql/schema-mariadb.sql >> ERROR 1068 (42000) at line 199: Multiple primary key defined >> >> The line 199 is like: >> ALTER TABLE `aliases` >> ADD PRIMARY KEY (`pki_realm`,`alias`), >> ADD KEY `realm_group` (`pki_realm`,`group_id`); >> >> I am a little lost on how to proceed the upgrade to v3.8 keeping >> the old database. >> >> Regards, >> Jeff >> >> >> _______________________________________________ >> OpenXPKI-users mailing list >> [email protected] >> <mailto:[email protected]> >> https://lists.sourceforge.net/lists/listinfo/openxpki-users > > > -- > Protect your environment - close windows and adopt a penguin! > > _______________________________________________ > OpenXPKI-users mailing list > [email protected] > <mailto:[email protected]> > https://lists.sourceforge.net/lists/listinfo/openxpki-users > > > > _______________________________________________ > OpenXPKI-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/openxpki-users -- Protect your environment - close windows and adopt a penguin!
_______________________________________________ OpenXPKI-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openxpki-users
