Re: [Openca-Users] Upgrading to 1.0x
Hi John,

actually the signature generation (PKCS#7) via browser has errors in the 1.0.x version. We already have the patch but we have not released it yet. You can find more information from the WiKi website:

http://www.openca.org/wiki/

Go to the OpenCA 1.0.x bug fix section.

Later,
Max

John A. Sullivan III wrote:
> On Wed, 2008-11-05 at 13:18 +0100, Ralf Hornik Mailings wrote:
>> Hi List,
>>
>> an easy way to upgrade (worked for me):
>>
>> 1. make a backup using openca backup tool from your old ca
>> 2. backup cacert.pem and cacrl.pem, cakey and openssl extfiles (if modified)
>> 3. make a fresh install of OpenCA 1.x
>> 3a create new databases if needed
>> 4. configure the openca 1.x installation (config.xml)
>> 5. recover the backup into OpenCA 1.0x using the backup tool from OpenCA 1.x
>> 6. recover cacert.pem and cacrl.pem, cakey and extfiles (if modified)
>> to OpenCA 1.x
>>
>> NOTE: The CDP may change since OpenCA 1.0 uses different Web URIs!
>> You have to solve this by yourself!
>>
>> Good Luck!
>>
>> Regards
>>
>> Ralf
>
> Thank you, Ralf. I am in the midst of doing this myself. The
> restoration appears to be flawless but I am finding a problem recognizing
> new CSRs and signing old CRRs. This could be a configuration error on my
> part and I will be investigating later this week.
>
> There is a change in the database schema. I've not yet examined the
> actual data to see if it is an issue. I don't recall the column names
> off hand but the crl table previously used text type columns for
> crl_key, next_date, and issued_date. Version 1.0.2 uses bigint types.
> At least this is true for Postgresql.

--
Best Regards,
Massimiliano Pala

Massimiliano Pala [OpenCA Project Manager]
[EMAIL PROTECTED] [EMAIL PROTECTED]
Dartmouth Computer Science Dept, Home Phone: +1 (603) 369-9332
PKI/Trust Laboratory, Work Phone: +1 (603) 646-9179

People who think they know everything are a great annoyance to those of us who do.
-- Isaac Asimov

Openca-Users mailing list
Openca-Users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openca-users

Re: [Openca-Users] Upgrading to 1.0x
On Wed, 2008-11-05 at 13:18 +0100, Ralf Hornik Mailings wrote:
> Hi List,
>
> an easy way to upgrade (worked for me):
>
> 1. make a backup using openca backup tool from your old ca
> 2. backup cacert.pem and cacrl.pem, cakey and openssl extfiles (if modified)
> 3. make a fresh install of OpenCA 1.x
> 3a create new databases if needed
> 4. configure the openca 1.x installation (config.xml)
> 5. recover the backup into OpenCA 1.0x using the backup tool from OpenCA 1.x
> 6. recover cacert.pem and cacrl.pem, cakey and extfiles (if modified)
> to OpenCA 1.x
>
> NOTE: The CDP may change since OpenCA 1.0 uses different Web URIs!
> You have to solve this by yourself!
>
> Good Luck!
>
> Regards
>
> Ralf

Thank you, Ralf. I am in the midst of doing this myself. The restoration appears to be flawless but I am finding a problem recognizing new CSRs and signing old CRRs. This could be a configuration error on my part and I will be investigating later this week.

There is a change in the database schema. I've not yet examined the actual data to see if it is an issue. I don't recall the column names off hand but the crl table previously used text type columns for crl_key, next_date, and issued_date. Version 1.0.2 uses bigint types. At least this is true for Postgresql.

--
John A. Sullivan III
Open Source Development Corporation
+1 207-985-7880
[EMAIL PROTECTED]
http://www.spiritualoutreach.com
Making Christianity intelligible to secular society

[Openca-Users] Upgrading to 1.0x
Hi List,

an easy way to upgrade (worked for me):

1. make a backup using openca backup tool from your old ca
2. backup cacert.pem and cacrl.pem, cakey and openssl extfiles (if modified)
3. make a fresh install of OpenCA 1.x
3a create new databases if needed
4. configure the openca 1.x installation (config.xml)
5. recover the backup into OpenCA 1.0x using the backup tool from OpenCA 1.x
6. recover cacert.pem and cacrl.pem, cakey and extfiles (if modified) to OpenCA 1.x

NOTE: The CDP may change since OpenCA 1.0 uses different Web URIs! You have to solve this by yourself!

Good Luck!

Regards

Ralf

--
everything stays different...

[Openca-Users] Upgrading from previous versions to 1.0.2
Hi all,

some people asked me how to upgrade from a previous version to the new one. I do not have an installation with a large DB, so if any of you has done it, can you please write a small email explaining how you upgraded and what the needed operations are?

We can put that information on the WiKi as it is a FAQ, actually.

Thanks,
Max

--
Best Regards,
Massimiliano Pala

Massimiliano Pala [OpenCA Project Manager]
[EMAIL PROTECTED] [EMAIL PROTECTED]
Dartmouth Computer Science Dept, Home Phone: +1 (603) 369-9332
PKI/Trust Laboratory, Work Phone: +1 (603) 646-9179

People who think they know everything are a great annoyance to those of us who do.
-- Isaac Asimov

[Openca-Users] Upgrading from 0.9.0-2 to 0.9.1-1
Guys,

I am planning to upgrade from 0.9.0-2 to 0.9.1-1, is there anything special I should be looking out for?

My plan is to:

CA
Back up ca.conf, ../openca/var/crypto directories, ../openca/openssl directories.
Export the configuration using the links in "Import/Export"
Delete everything (more like rename everything to be safe!).
Configure the latest build using my old ./configure script.
Install the new CA directory structure.
Copy back in the ca.conf, crypto and openssl files.
Import the data base back in using the "Import/Export" screens.

RA
Export the data base using "Import/Export" screens.
Trash the lot and start again.
Import my backup.
Import everything from my newly created CA.

Do I have to do anything special with the data base export? Will my serial numbers etc be kept in step?

Chris...

RE: [Openca-Users] Upgrading
Let me first just say thanks for the feedback! My problem was a little less complicated than that. I was using a much earlier version, like 0.2.0 I think. All I really needed was to import the old certs, not the old database or anything like that.

The fix was to go to the Registration Authority server, then the Registration Authority Admin page. Next click on Input and Output. From there I clicked on Export All. I then found the tar file in /tmp/openca-outca.tar. I untarred it, went to the CERTIFICATE directory, then the VALID directory. I copied all of my valid certificates into there. Once that was done, went to the Import all screen. Once I did that, it then loaded up all my old certificates into the current database.

Kinda kludgy, but I think it works. Again, THANKS! Just thought I'd post my follow-up in case anyone else has the same kind of problem.

Kevin

Re: [Openca-Users] Upgrading
Kevin Metz wrote:
>
> I ran an old version of OpenCA and am now forced to upgrade. I downloaded
> the RC2 candidate, and after much puzzling and tweaking I've got the
> basics working. Now, what I REALLY need is to be able to import all my
> old certificates. I never backed them up to disk, so I don't have a tar
> file or anything. However I've got the old OpenCA directory with all
> the files. I already got the certificate keys over and all, and can sign
> new certificates with no problem. However I've tried copying over the
> old certificates, with no success. I've tried the openca-importcerts
> several times with no success. Since this version uses a database, I
> really need to get these imported since there seems to be no other
> alternative. Any assistance would be GREATLY appreciated

OpenCA 0.9.x supports DBM-files. OpenCA::DBI is only recommended because it is better tested but if you still want to make a complete migration please read the following small howto :)

The procedure is a little bit more complicated.

1. make an installation of 0.9.x and use OpenCA::DB (which is the default)
2. copy the old dbm-files to OPENCADIR/var/db. Please check the new filenames for any name changes
3. check the database files via the webinterface (are the certificates and requests listed correctly?)
4. make a backup ("Input and Output" --> "Backup") - please keep in mind that this backup doesn't include the CA-key.
5. activate OpenCA::DBI by changing the DBmodule in OPENCADIR/etc/servers/*.conf
6. configure your database in OPENCADIR/database/DBI.conf
7. reinitialize your database ("Input and Output" --> "Recovery" --> "Intialize")
8. import the backup via the function for OpenCA::DB and NOT OpenCA::DBI. This is important because the backup from the DBM-files cannot be used to do a replay of logs. So you must use for this initial recovery the import function for OpenCA::DB and not the import function for OpenCA::DBI.
9. Rebuild the OpenSSL files for the next serial and the database.

Best regards,
Michael

--
Michael Bell
Email (private): [EMAIL PROTECTED]
Rechenzentrum - Datacenter, Email: [EMAIL PROTECTED]
Humboldt-University of Berlin, Tel.: +49 (0)30-2093 2482
Unter den Linden 6, Fax: +49 (0)30-2093 2959
10099 Berlin, Germany
http://www.openca.org

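Step 9 above, and the question elsewhere in this thread about serial numbers staying in step, both come down to the OpenSSL serial file pointing past every serial already issued. The following is an added example, not part of the original post and not OpenCA's own code; it assumes the restored files are the standard `openssl ca` `index.txt` and `serial` files, and the sample records are constructed.

```python
import re
from dataclasses import dataclass

# Constructed sample of an `openssl ca` index.txt (tab-separated fields):
# status, expiry, revocation date, serial (hex), filename, subject.
SAMPLE_INDEX = (
    "V\t091105131800Z\t\t01\tunknown\t/C=XX/O=Example/CN=alice\n"
    "R\t091105131800Z\t081201101500Z\t02\tunknown\t/C=XX/O=Example/CN=bob\n"
    "V\t101105131800Z\t\t0A\tunknown\t/C=XX/O=Example/CN=carol\n"
)
HEX = re.compile(r"[0-9A-Fa-f]+")

@dataclass
class Entry:
    status: str   # V = valid, R = revoked, E = expired
    serial: int
    subject: str

def parse_index(text):
    """Parse index.txt content into entries; reject malformed records."""
    entries = []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        f = line.split("\t")
        if len(f) != 6 or f[0] not in ("V", "R", "E") or not HEX.fullmatch(f[3]):
            raise ValueError(f"line {n}: not a valid index.txt record")
        entries.append(Entry(f[0], int(f[3], 16), f[5]))
    return entries

def check_serial(index_text, serial_text):
    """Return (ok, expected_next_serial_hex, problems) for a restored pair."""
    problems, seen = [], set()
    for e in parse_index(index_text):
        if e.serial in seen:
            problems.append(f"duplicate serial {e.serial:X} in index")
        seen.add(e.serial)
    highest = max(seen, default=0)
    expected = f"{highest + 1:X}"
    expected = expected.zfill(len(expected) + len(expected) % 2)  # even digit count
    current = serial_text.strip()
    if not HEX.fullmatch(current):
        problems.append("serial file is not hexadecimal")
    elif int(current, 16) <= highest:
        problems.append(f"serial file {current} would reuse a serial <= {highest:X}")
    return (not problems, expected, problems)

if __name__ == "__main__":
    print(check_serial(SAMPLE_INDEX, "0B\n"))  # serial file in step with the index
    print(check_serial(SAMPLE_INDEX, "03\n"))  # stale serial file after a restore
```

A serial file that is behind the index means the next signing operation would reuse a serial number, so run the check against the restored files before issuing anything.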
[Openca-Users] Upgrading
I ran an old version of OpenCA and am now forced to upgrade. I downloaded the RC2 candidate, and after much puzzling and tweaking I've got the basics working. Now, what I REALLY need is to be able to import all my old certificates. I never backed them up to disk, so I don't have a tar file or anything. However I've got the old OpenCA directory with all the files. I already got the certificate keys over and all, and can sign new certificates with no problem. However I've tried copying over the old certificates, with no success. I've tried the openca-importcerts several times with no success. Since this version uses a database, I really need to get these imported since there seems to be no other alternative. Any assistance would be GREATLY appreciated

Thanks
Kevin