Lutz Jaenicke wrote:
>  
> Unfortunately people using IE (different versions) only get disappointing
> results (generation of certificate requests does not work), some of them
> installed Netscape 6.2 and it also does not work (error was already reported
> on an openca-mailinglist, as I've seen).

The code for IE should be much better in 0.9. If not then we will fix
it. Netscape 6.x/Mozilla has a heavy bug. You can find the bug on
bugzilla. You can only generate requests if you use very special
settings. We now support in v0.9 a new type of request where OpenCA
generates the private key and the request on the server. So the user must
go to the RA and the RA Operator can give him all the necessary data on
a disc in PKCS#12 or normal PEM format (only the user knows the
passphrase for the key).

> * is there hope that IE gets better support with 0.9?

Yes.

> * unfortunately it seems that the database structure changed between
>   0.8.1 and 0.9, but I did not find any "migration" documentation.
>   Of course I need to keep the already established CA and other
>   certificates.

OpenCA v0.9 can import backups but they must have a special format. You
can find the structure in src/cgi-bin/cgi-ca/lib/export-import.lib. It
should look like:

CERTIFICATE/
        VALID/
        EXPIRED/
        REVOKED/
        SUSPENDED/

Other objects, in Perl from the source code:
    REQUEST        => [ "PENDING", "APPROVED", "ARCHIVIED", "DELETED", "RENEW" ],
    CA_CERTIFICATE => [ "VALID", "EXPIRED" ],
    CRL            => [ "VALID" ],
    CRR            => [ "PENDING", "APPROVED", "ARCHIVIED", "DELETED" ],
    LOG            => [ "ALL" ],
The filenames have the format SERIAL.FORMAT

The code for the generation of the name and the data is:

    ## get content and format for file
    if( $datatype [0] =~ /(REQUEST|CRR)/i ) {
      $txtItem = $value->getParsed()->{ITEM};
      $format = $value->getParsed()->{TYPE};
    } else {
      if ( $datatype [0] =~ /CERTIFICATE/i) {
        $txtItem = $value->getPEMHeader ()."\n";
      } else {
        $txtItem = "-----BEGIN HEADER-----\n".$value->getHeader()."-----END HEADER-----\n";
      }
      $txtItem .= $value->getPEM();
      $txtItem .= $value->getParsed()->{KEY};
      $format = "PEM";
    }
    $format =~ s/\s/_/g;

    # serial
    my $serial;
    if ($datatype [0] =~ /^CERTIFICATE/) {
      $serial = $value->getParsed()->{SERIAL};
    } elsif ($datatype [0] =~ /(REQUEST|CRR)/) {
      $serial = $value->getParsed()->{DBKEY};
    } else { # CRL,CA_CERTIFICATE
      $serial = $cryptoShell->getDigest ( DATA => $value->getPEM());
    }

txtItem is the data which should be stored in the file. I would only
recommend this if you are an expert or you have enough time.

Cheers, Michael

P.S. If you only need the valid certificates, put them into
CERTIFICATE/VALID/12345.pem. The format is:
-----BEGIN HEADER-----
data from the column info
-----END HEADER-----
data from the column data

Now you can import the data via "Input and Output" --> recovery with
import database - don't use replay log (importDB works for SQL-DBs too).
-- 
-------------------------------------------------------------------
Michael Bell                   Email (private): [EMAIL PROTECTED]
Rechenzentrum - Datacenter     Email:  [EMAIL PROTECTED]
Humboldt-University of Berlin  Tel.: +49 (0)30-2093 2482
Unter den Linden 6             Fax:  +49 (0)30-2093 2959
10099 Berlin
Germany                                     [OpenCA Core Developer]

http://www.openca.org
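
An added example, not part of the original message and not OpenCA code: one way to build the CERTIFICATE/<STATUS>/<SERIAL>.pem import tree described in the P.S. The row fields (serial, status, info, data) and the serial pattern are assumptions about what was read from the old database; the sample row is constructed.

```python
import os
import re
import tempfile

# Status directories the message lists under CERTIFICATE/
CERT_STATUSES = {"VALID", "EXPIRED", "REVOKED", "SUSPENDED"}
# Assumption: serials consist of decimal or hex digits only.
SERIAL_RE = re.compile(r"[0-9A-Fa-f]+")


def render_item(info, data):
    """Header block from the 'info' column, then the 'data' column (PEM)."""
    if not info.endswith("\n"):
        info += "\n"
    if not data.endswith("\n"):
        data += "\n"
    return "-----BEGIN HEADER-----\n" + info + "-----END HEADER-----\n" + data


def write_import_tree(rows, root):
    """Write each row below root and return the relative paths created."""
    written = []
    for row in rows:
        status = row["status"].upper()
        serial = str(row["serial"])
        if status not in CERT_STATUSES:
            raise ValueError(f"unknown certificate status: {status!r}")
        # The serial becomes a file name, so reject anything that could
        # escape the tree (path separators, "..", empty strings).
        if not SERIAL_RE.fullmatch(serial):
            raise ValueError(f"unsafe serial: {serial!r}")
        rel = os.path.join("CERTIFICATE", status, serial + ".pem")
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        # O_EXCL refuses to overwrite, so duplicate serials are noticed;
        # mode 0600 keeps the dump readable by its owner only.
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
        with os.fdopen(fd, "w") as fh:
            fh.write(render_item(row["info"], row["data"]))
        written.append(rel)
    return written


if __name__ == "__main__":
    # Constructed sample row; real values come from the old database.
    sample = [{"serial": 12345, "status": "valid", "info": "PLACEHOLDER header\n",
               "data": "-----BEGIN CERTIFICATE-----\n(constructed)\n-----END CERTIFICATE-----\n"}]
    with tempfile.TemporaryDirectory() as tmp:
        print(write_import_tree(sample, tmp))
```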

