Re: [Openca-Users] CA Database problems with CRRs and CRLs? [usingv0.9.1-RC7]

Wed, 13 Nov 2002 00:31:54 -0800 

Craig McGregor wrote:

1. Manually creating CRLs

When using a SQL database for the CA,  am unable to export generated CRL's to
the RA. This works if the CA is built with --enable-db --disable-dbi but does
not work when built with --disable-db --enable dbi.

I think the problem is that the CRL does not seem to get added to CRL in the
database. (SELECT * FROM crl; returns "Empty set")

The CRLs to exist in the [openca]/var/crypto/crls directory.

This occurs using mysql for the database. Is this a known problem? Or this there
something potentially incorrect in my configuration?
This problem was fixed on 2002-Nov-04. The file is src/common/lib/cmds/genCRL.

2. Batch Revocation
When running the batch process to revoke certificates I seem to get caught in
an indefinite loop. (due to #1 this is with --enable-db) I think that the same
record is being returned from the database to the while($request = $db->getNextItem
... loop in [openca]/lib/cmds/bpRevokeCerticate
I test the batchprocessor until now only with DBI. The only part which was tested with DBM-files was the normal requesthandling. This problem should affect listReqs too.

This script also seems to have problems verifying the roles of the certificate
being revoked and the role of the CRR signer if I make it skip that check.
Ok, I will check it. Please bear in mind that the batchprocessor is actually alpha. It was developed directly for my university to issue a lot of certificates to our management staff. The revocation is not tested until now.

Michael
--
-------------------------------------------------------------------
Michael Bell Email (private): [EMAIL PROTECTED]
Rechenzentrum - Datacenter Email: [EMAIL PROTECTED]
Humboldt-University of Berlin Tel.: +49 (0)30-2093 2482
Unter den Linden 6 Fax: +49 (0)30-2093 2959
10099 Berlin
Germany http://www.openca.org



-------------------------------------------------------
This sf.net email is sponsored by: Are you worried about your web server security? Click here for a FREE Thawte Apache SSL Guide and answer your Apache SSL security needs: http://www.gothawte.com/rd523.html
_______________________________________________
Openca-Users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/openca-users

Reply via email to