Re: database openssl

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 


Oh, It's a good starter point.
Openssl, installed in old server, is 0.9.7e version.
Openssl, installed in new server, is -0.9.8e verson.
In old server I searched .cnf files and I found several files which are /usr/local/openssl-0.9.7e/xxx/yyyyy.cnf
where 
xxx= is directory, 
yyyy = name of .cnf file
I queried to /var/cache/yum/updates-released/packages/openssl-0.9.7a-33.10.i686.rpm in old server, I got:
/lib/libcrypto.so.0.9.7a
/lib/libssl.so.0.9.7a
/usr/bin/openssl
/usr/share/doc/openssl-0.9.7a
/usr/share/doc/openssl-0.9.7a/CHANGES
/usr/share/doc/openssl-0.9.7a/FAQ
/usr/share/doc/openssl-0.9.7a/INSTALL
/usr/share/doc/openssl-0.9.7a/LICENSE
/usr/share/doc/openssl-0.9.7a/NEWS
/usr/share/doc/openssl-0.9.7a/README
/usr/share/doc/openssl-0.9.7a/c-indentation.el
/usr/share/doc/openssl-0.9.7a/openssl.txt
/usr/share/doc/openssl-0.9.7a/openssl_button.gif
/usr/share/doc/openssl-0.9.7a/openssl_button.html
/usr/share/doc/openssl-0.9.7a/ssleay.txt
/usr/share/man/man1/asn1parse.1ssl.gz
/usr/share/man/man1/ca.1ssl.gz
/usr/share/man/man1/ciphers.1ssl.gz
/usr/share/man/man1/crl.1ssl.gz
/usr/share/man/man1/crl2pkcs7.1ssl.gz
/usr/share/man/man1/dgst.1ssl.gz
/usr/share/man/man1/dhparam.1ssl.gz
/usr/share/man/man1/dsa.1ssl.gz
/usr/share/man/man1/dsaparam.1ssl.gz
/usr/share/man/man1/enc.1ssl.gz
/usr/share/man/man1/gendsa.1ssl.gz
/usr/share/man/man1/genrsa.1ssl.gz
/usr/share/man/man1/md2.1ssl.gz
/usr/share/man/man1/md4.1ssl.gz
/usr/share/man/man1/md5.1ssl.gz
/usr/share/man/man1/mdc2.1ssl.gz
/usr/share/man/man1/nseq.1ssl.gz
/usr/share/man/man1/ocsp.1ssl.gz
/usr/share/man/man1/openssl.1ssl.gz
/usr/share/man/man1/pkcs12.1ssl.gz
/usr/share/man/man1/pkcs7.1ssl.gz
/usr/share/man/man1/pkcs8.1ssl.gz
/usr/share/man/man1/req.1ssl.gz
/usr/share/man/man1/ripemd160.1ssl.gz
/usr/share/man/man1/rsa.1ssl.gz
/usr/share/man/man1/rsautl.1ssl.gz
/usr/share/man/man1/s_client.1ssl.gz
/usr/share/man/man1/s_server.1ssl.gz
/usr/share/man/man1/sess_id.1ssl.gz
/usr/share/man/man1/sha.1ssl.gz
/usr/share/man/man1/sha1.1ssl.gz
/usr/share/man/man1/smime.1ssl.gz
/usr/share/man/man1/speed.1ssl.gz
/usr/share/man/man1/spkac.1ssl.gz
/usr/share/man/man1/sslpasswd.1ssl.gz
/usr/share/man/man1/sslrand.1ssl.gz
/usr/share/man/man1/verify.1ssl.gz
/usr/share/man/man1/version.1ssl.gz
/usr/share/man/man1/x509.1ssl.gz
/usr/share/man/man5/config.5ssl.gz
/usr/share/man/man7/DES.7ssl.gz
/usr/share/man/man7/Modes.7ssl.gz
/usr/share/man/man7/des_modes.7ssl.gz
/usr/share/man/man7/of.7ssl.gz
/usr/share/ssl
/usr/share/ssl/CA
/usr/share/ssl/CA/private
/usr/share/ssl/cert.pem
/usr/share/ssl/certs
/usr/share/ssl/certs/Makefile
/usr/share/ssl/certs/ca-bundle.crt
/usr/share/ssl/certs/make-dummy-cert
/usr/share/ssl/lib
/usr/share/ssl/misc
/usr/share/ssl/misc/CA
/usr/share/ssl/misc/c_hash
/usr/share/ssl/misc/c_info
/usr/share/ssl/misc/c_issuer
/usr/share/ssl/misc/c_name
/usr/share/ssl/openssl.cnf
/usr/share/ssl/private
I don't understand because rpm has no reference to "/usr/local/openssl-0.9.7e/" path where there .cnf configuration files.



Il 29.05.2018 10:43 Jan Just Keijser ha scritto:

Hi,

On 29/05/18 09:47, Sampei wrote:
I'm using Linux server to create temporary CA and I know openssl maintains a text database of issued certificates and their status. Now I need to migrate this server to another one, so I ask myself how can I export this db. thanks
the openssl CA "database" usually consists of two files. The location of these files is specified in the openssl.cnf file. The 
files are
   serial   - containing the last issued serial number
   index.txt  - containing the list of all issued, expired and revoked certificates.

As I said, the location of these files is depending on how you set up your temporary CA.

HTH,

JJK



Il 29.05.2018 13:12 Jakob Bohm ha scritto:

On 29/05/2018 10:43, Jan Just Keijser wrote:
Hi, On 29/05/18 09:47, Sampei wrote:
I'm using Linux server to create temporary CA and I know openssl maintains a text database of issued certificates and their status. Now I need to migrate this server to another one, so I ask myself how can I export this db. thanks
the openssl CA "database" usually consists of two files. The location of these files is specified in the openssl.cnf file. The files are   serial   - containing the last issued serial number   index.txt  - containing the list of all issued, expired and revoked certificates. As I said, the location of these files is depending on how you set up your temporary CA.
Additionally, the openssl ca command stores the complete value of each
issued certificate in a subdirectory specified in openssl.cnf, this
may be needed/useful when importing to other CA software.

Also note that unless a special setting is included (I forget where),
the openssl ca database will be in a different (older) format that
only remembers the most recently issued certificate for a given
subject distinguished name.

Enjoy

Jakob
-- 
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded

-- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users



Con Mobile Open 6 GB hai 6 Giga, 600 minuti e 300 SMS per il tuo smartphone a 9€ al mese per sempre. Passa ora a Tiscali Mobile, il nostro mese è vero! http://tisca.li/Open6GB0318

-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux