From: Nicolas M. (CeSPI) <nm...@ce...> - 2014-02-28 14:38:46
|
I left to say that this behavior happend on: - Openca-base 1.5.1 / Openca-tools 1.3.0 on Debian 7 (Stable) - Openca-base 1.1.1 / Openca-tools 1.3.0 on Debian 6 (Old Stable) I think that this problem could be related with another bug related with putting all objects (CA CERT / CERTIFICATE / REQUEST) in all different categories regardless their status: CACERT [valid / expired] , REQUEST [new / renew / pending / signed / approved / archived / deleted] , CERTIFICATE [valid / expired / revoked / suspended] For example, on OpenCA 1.5.1 on my CA that have: - one CA cert - one CRL - two valid certificates if I make on the node interface: Node Ops -> Backup and Recovery -> Database I can see the following: Thursday 27 February 21:48:13 UTC Exporting DB ... Please wait until operation completes Exporting valid CA_CERTIFICATE ... Exporting all necessary objects. cc2821c7d9025aadb34c467ea115980f3e64690b.pem Exporting expired CA_CERTIFICATE ... Exporting all necessary objects. cc2821c7d9025aadb34c467ea115980f3e64690b.pem Exporting new CRR ... No objects are present. Exporting pending CRR ... No objects are present. Exporting signed CRR ... No objects are present. Exporting approved CRR ... No objects are present. Exporting archived CRR ... No objects are present. Exporting deleted CRR ... No objects are present. Exporting valid CRL ... Exporting all necessary objects. 1.pem Exporting new REQUEST ... Exporting all necessary objects. 256.spkac 512.spkac Exporting renew REQUEST ... Exporting all necessary objects. 256.spkac 512.spkac Exporting pending REQUEST ... Exporting all necessary objects. 256.spkac 512.spkac Exporting signed REQUEST ... Exporting all necessary objects. 256.spkac 512.spkac Exporting approved REQUEST ... Exporting all necessary objects. 256.spkac 512.spkac Exporting archived REQUEST ... Exporting all necessary objects. 256.spkac 512.spkac Exporting deleted REQUEST ... Exporting all necessary objects. 256.spkac 512.spkac Exporting valid CERTIFICATE ... Exporting all necessary objects. 998806535358870519861744.pem 419063751874877379914325.pem Exporting expired CERTIFICATE ... Exporting all necessary objects. 998806535358870519861744.pem 419063751874877379914325.pem Exporting revoked CERTIFICATE ... Exporting all necessary objects. 998806535358870519861744.pem 419063751874877379914325.pem Exporting suspended CERTIFICATE ... Exporting all necessary objects. 998806535358870519861744.pem 419063751874877379914325.pem Exporting archive ... Load required variables ... Changing to directory /home/openca/OpenCA/var/openca/tmp/tmp_19420 ... Running the export command(s) ... /bin/tar -cvpf /tmp/openca_local -C /home/openca/OpenCA/var/openca/tmp/tmp_19420 . Archive created successfully. Test the archive ... /bin/tar -tvf /tmp/openca_local Clean up ...Ok. Nicolás Macia _____________ CERTunlp El 27/02/14 21:48, Nicolas Macia escribió: > Hello, I have a problem. > > After requesting Digital Cert at public site, an URL is sent to the > requester to confirm his email address > > The problem is what it is seen at RA interface: > - CSR confirmed using previous URL are tagged with state NEW > - CSR not confirmed are tagged with state TEMPNEW > - Approved CSR are tagged with state APPROVED > > When I use the node interface to exchange information to the CA, all CSR of ANY STATE are exported to CA as approved REQUESTS. > > Seems to me that the problem is that RA only should export approved > requests but it doesn't. > > anyone who knows what is the problem here?? > > > Thanks > Nico ----- CeSPI Centro Superior para el Procesamiento de la Información Universidad Nacional de La Plata ------------------------------------------------------------------------------- Proteja el Medioambiente. No imprima este mail si no es absolutamente necesario |