database openssl

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|

database openssl

sampei02@tiscali.it
I'm using Linux server to create temporary CA and I know openssl maintains a text database of issued certificates and their status.
Now I need to migrate this server to another one, so I ask myself how can I export this db.
thanks



Con Mobile Open 6 GB hai 6 Giga, 600 minuti e 300 SMS per il tuo smartphone a 9€ al mese per sempre. Passa ora a Tiscali Mobile, il nostro mese è vero! http://tisca.li/Open6GB0318


--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: database openssl

Jan Just Keijser-2
Hi,

On 29/05/18 09:47, Sampei wrote:
> I'm using Linux server to create temporary CA and I know openssl maintains a text database of issued certificates and their
> status.
> Now I need to migrate this server to another one, so I ask myself how can I export this db.
> thanks
>

the openssl CA "database" usually consists of two files. The location of these files is specified in the openssl.cnf file. The
files are
   serial   - containing the last issued serial number
   index.txt  - containing the list of all issued, expired and revoked certificates.

As I said, the location of these files is depending on how you set up your temporary CA.

HTH,

JJK

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: database openssl

Jakob Bohm-7
On 29/05/2018 10:43, Jan Just Keijser wrote:

> Hi,
>
> On 29/05/18 09:47, Sampei wrote:
>> I'm using Linux server to create temporary CA and I know openssl
>> maintains a text database of issued certificates and their status.
>> Now I need to migrate this server to another one, so I ask myself how
>> can I export this db.
>> thanks
>>
>
> the openssl CA "database" usually consists of two files. The location
> of these files is specified in the openssl.cnf file. The files are
>   serial   - containing the last issued serial number
>   index.txt  - containing the list of all issued, expired and revoked
> certificates.
>
> As I said, the location of these files is depending on how you set up
> your temporary CA.
>
Additionally, the openssl ca command stores the complete value of each
issued certificate in a subdirectory specified in openssl.cnf, this
may be needed/useful when importing to other CA software.

Also note that unless a special setting is included (I forget where),
the openssl ca database will be in a different (older) format that
only remembers the most recently issued certificate for a given
subject distinguished name.

Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: database openssl

sampei02@tiscali.it

Oh, It's a good starter point.
Openssl, installed in old server, is 0.9.7e version.
Openssl, installed in new server, is -0.9.8e verson.
In old server I searched .cnf files and I found several files which are /usr/local/openssl-0.9.7e/xxx/yyyyy.cnf
where 
xxx= is directory, 
yyyy = name of .cnf file
I queried to /var/cache/yum/updates-released/packages/openssl-0.9.7a-33.10.i686.rpm in old server, I got:
/lib/libcrypto.so.0.9.7a
/lib/libssl.so.0.9.7a
/usr/bin/openssl
/usr/share/doc/openssl-0.9.7a
/usr/share/doc/openssl-0.9.7a/CHANGES
/usr/share/doc/openssl-0.9.7a/FAQ
/usr/share/doc/openssl-0.9.7a/INSTALL
/usr/share/doc/openssl-0.9.7a/LICENSE
/usr/share/doc/openssl-0.9.7a/NEWS
/usr/share/doc/openssl-0.9.7a/README
/usr/share/doc/openssl-0.9.7a/c-indentation.el
/usr/share/doc/openssl-0.9.7a/openssl.txt
/usr/share/doc/openssl-0.9.7a/openssl_button.gif
/usr/share/doc/openssl-0.9.7a/openssl_button.html
/usr/share/doc/openssl-0.9.7a/ssleay.txt
/usr/share/man/man1/asn1parse.1ssl.gz
/usr/share/man/man1/ca.1ssl.gz
/usr/share/man/man1/ciphers.1ssl.gz
/usr/share/man/man1/crl.1ssl.gz
/usr/share/man/man1/crl2pkcs7.1ssl.gz
/usr/share/man/man1/dgst.1ssl.gz
/usr/share/man/man1/dhparam.1ssl.gz
/usr/share/man/man1/dsa.1ssl.gz
/usr/share/man/man1/dsaparam.1ssl.gz
/usr/share/man/man1/enc.1ssl.gz
/usr/share/man/man1/gendsa.1ssl.gz
/usr/share/man/man1/genrsa.1ssl.gz
/usr/share/man/man1/md2.1ssl.gz
/usr/share/man/man1/md4.1ssl.gz
/usr/share/man/man1/md5.1ssl.gz
/usr/share/man/man1/mdc2.1ssl.gz
/usr/share/man/man1/nseq.1ssl.gz
/usr/share/man/man1/ocsp.1ssl.gz
/usr/share/man/man1/openssl.1ssl.gz
/usr/share/man/man1/pkcs12.1ssl.gz
/usr/share/man/man1/pkcs7.1ssl.gz
/usr/share/man/man1/pkcs8.1ssl.gz
/usr/share/man/man1/req.1ssl.gz
/usr/share/man/man1/ripemd160.1ssl.gz
/usr/share/man/man1/rsa.1ssl.gz
/usr/share/man/man1/rsautl.1ssl.gz
/usr/share/man/man1/s_client.1ssl.gz
/usr/share/man/man1/s_server.1ssl.gz
/usr/share/man/man1/sess_id.1ssl.gz
/usr/share/man/man1/sha.1ssl.gz
/usr/share/man/man1/sha1.1ssl.gz
/usr/share/man/man1/smime.1ssl.gz
/usr/share/man/man1/speed.1ssl.gz
/usr/share/man/man1/spkac.1ssl.gz
/usr/share/man/man1/sslpasswd.1ssl.gz
/usr/share/man/man1/sslrand.1ssl.gz
/usr/share/man/man1/verify.1ssl.gz
/usr/share/man/man1/version.1ssl.gz
/usr/share/man/man1/x509.1ssl.gz
/usr/share/man/man5/config.5ssl.gz
/usr/share/man/man7/DES.7ssl.gz
/usr/share/man/man7/Modes.7ssl.gz
/usr/share/man/man7/des_modes.7ssl.gz
/usr/share/man/man7/of.7ssl.gz
/usr/share/ssl
/usr/share/ssl/CA
/usr/share/ssl/CA/private
/usr/share/ssl/cert.pem
/usr/share/ssl/certs
/usr/share/ssl/certs/Makefile
/usr/share/ssl/certs/ca-bundle.crt
/usr/share/ssl/certs/make-dummy-cert
/usr/share/ssl/lib
/usr/share/ssl/misc
/usr/share/ssl/misc/CA
/usr/share/ssl/misc/c_hash
/usr/share/ssl/misc/c_info
/usr/share/ssl/misc/c_issuer
/usr/share/ssl/misc/c_name
/usr/share/ssl/openssl.cnf
/usr/share/ssl/private
I don't understand because rpm has no reference to "/usr/local/openssl-0.9.7e/" path where there .cnf configuration files.



Il 29.05.2018 10:43 Jan Just Keijser ha scritto:

Hi,

On 29/05/18 09:47, Sampei wrote:
I'm using Linux server to create temporary CA and I know openssl maintains a text database of issued certificates and their status. Now I need to migrate this server to another one, so I ask myself how can I export this db. thanks
the openssl CA "database" usually consists of two files. The location of these files is specified in the openssl.cnf file. The 
files are
   serial   - containing the last issued serial number
   index.txt  - containing the list of all issued, expired and revoked certificates.

As I said, the location of these files is depending on how you set up your temporary CA.

HTH,

JJK




Il 29.05.2018 13:12 Jakob Bohm ha scritto:

On 29/05/2018 10:43, Jan Just Keijser wrote:
Hi, On 29/05/18 09:47, Sampei wrote:
I'm using Linux server to create temporary CA and I know openssl maintains a text database of issued certificates and their status. Now I need to migrate this server to another one, so I ask myself how can I export this db. thanks
the openssl CA "database" usually consists of two files. The location of these files is specified in the openssl.cnf file. The files are   serial   - containing the last issued serial number   index.txt  - containing the list of all issued, expired and revoked certificates. As I said, the location of these files is depending on how you set up your temporary CA.
Additionally, the openssl ca command stores the complete value of each
issued certificate in a subdirectory specified in openssl.cnf, this
may be needed/useful when importing to other CA software.

Also note that unless a special setting is included (I forget where),
the openssl ca database will be in a different (older) format that
only remembers the most recently issued certificate for a given
subject distinguished name.

Enjoy

Jakob
-- 
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded

-- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users 



Con Mobile Open 6 GB hai 6 Giga, 600 minuti e 300 SMS per il tuo smartphone a 9€ al mese per sempre. Passa ora a Tiscali Mobile, il nostro mese è vero! http://tisca.li/Open6GB0318


--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: database openssl

sampei02@tiscali.it
In reply to this post by Jan Just Keijser-2
I think It’s installed 2 version OpenSSL; the former by rpm package while the latter by source tar infact I see following files into /usr/local/openssl-0.9.7e :

drwxr-xr-x  21 root root   4096 Feb  4  2005 .
drwxr-xr-x  19 root root   4096 Jan 20  2011 ..
drwxr-xr-x   4 root root   4096 May 31 11:51 apps
drwxr-xr-x   2 root root   4096 Oct 25  2004 bugs
drwxr-xr-x   3 root root   4096 Oct 25  2004 certs
-rw-rw-r--   1 root root 287307 Oct 25  2004 CHANGES
-rw-rw-r--   1 root root  42751 Dec 23  1998 CHANGES.SSLeay
-rw-rw-r--   1 root root     27 Sep 30  2003 comms.txt
-rw-rw-r--   1 root root     17 Sep 30  2003 comm.txt
-rwxrwxr-x   1 root root  23980 Jun 29  2004 config
-rwxrwxr-x   1 root root  83455 Oct  1  2004 Configure
drwxr-xr-x  46 root root   4096 Feb  4  2005 crypto
drwxr-xr-x  15 root root   4096 Oct 25  2004 demos
-rw-rw-r--   1 root root   3058 Sep 30  2003 diffs.6
-rw-rw-r--   1 root root   4930 Sep 30  2003 diffs.6e
-rw-rw-r--   1 root root   6721 Sep 30  2003 diffs.6x
-rw-rw-r--   1 root root   4868 Sep 30  2003 diffs.7
-rw-rw-r--   1 root root   4948 Sep 30  2003 diffs.sec
-rw-rw-r--   1 root root   1814 Sep 30  2003 diffs.sec6
-rw-rw-r--   1 root root   1898 Sep 30  2003 diffs.sec6e
-rw-rw-r--   1 root root   3627 Sep 30  2003 diffs.sec7
-rw-rw-r--   1 root root   5080 Sep 30  2003 diffs.secfix
drwxr-xr-x   6 root root   4096 Oct 25  2004 doc
-rw-rw-r--   1 root root    456 Sep 30  2003 do_patch.sh
-rw-rw-r--   1 root root   9539 Oct 20  2004 e_os2.h
-rw-rw-r--   1 root root  17254 May 14  2004 e_os.h
-rw-rw-r--   1 root root  35375 Oct 25  2004 FAQ
drwxr-xr-x   9 root root   4096 Oct 25  2004 fips
drwxr-xr-x   3 root root   4096 Oct 25  2004 include
-rw-rw-r--   1 root root  13301 May 11  2004 INSTALL
-rw-rw-r--   1 root root   2757 May 27  2004 install.com
-rw-rw-r--   1 root root   1527 Dec  4  2002 INSTALL.DJGPP
-rw-rw-r--   1 root root   3264 Oct  1  2001 INSTALL.MacOS
-rw-rw-r--   1 root root    744 Jul 17  2002 INSTALL.OS2
-rw-rw-r--   1 root root  11363 Sep  7  2001 INSTALL.VMS
-rw-rw-r--   1 root root  10134 May 11  2004 INSTALL.W32
-rw-rw-r--   1 root root   2409 Dec  3  2002 INSTALL.WCE
-rw-rw-r--   1 root root   6279 Mar 17  2004 LICENSE
drwxr-xr-x   3 root root   4096 Oct 25  2004 MacOS
-rw-r--r--   1 root root  34102 Feb  4  2005 Makefile
-rw-r--r--   1 root root  34081 Feb  4  2005 Makefile.bak
-rw-rw-r--   1 root root  33715 Sep 28  2004 Makefile.org
-rwxrwxr-x   1 root root  26776 Aug  9  2004 makevms.com
drwxr-xr-x   2 root root   4096 Oct 25  2004 ms
-rw-rw-r--   1 root root  13986 Oct 20  2004 NEWS
-rw-rw-r--   1 root root 183560 Oct 25  2004 op
-rw-rw-r--   1 root root    137 Feb 28  1999 openssl.doxy
-rw-rw-r--   1 root root   7858 Oct 25  2004 openssl.spec
drwxr-xr-x   2 root root   4096 Oct 25  2004 os2
drwxr-xr-x   2 root root   4096 Oct 25  2004 perl
-rw-rw-r--   1 root root   5424 May 11  2004 PROBLEMS
-rw-rw-r--   1 root root   7910 Oct 25  2004 README
-rw-rw-r--   1 root root   7699 Dec  8  2000 README.ASN1
-rw-rw-r--   1 root root  16100 Jul  8  2002 README.ENGINE
drwxr-xr-x   2 root root   4096 Oct 25  2004 shlib
drwxr-xr-x   2 root root   4096 Oct 25  2004 ssl
drwxr-xr-x   2 root root   4096 May 31 11:39 test
drwxr-xr-x   5 root root   4096 Oct 25  2004 times
drwxr-xr-x   2 root root   4096 Feb  4  2005 tools
drwxr-xr-x   3 root root   4096 Oct 25  2004 util
drwxr-xr-x   2 root root   4096 Oct 25  2004 VMS


I can see Makefile, config, … which make to think to source files to compile.
If 2 ways have been used to install Openssl, what files .cnf I have to copy new system to keep every existing database?
I know system Administrators created come test certificates several times.

Here my cnf files list :

/usr/local/openssl-0.9.7e/apps/oid.cnf
/usr/local/openssl-0.9.7e/apps/oid.cnf
/usr/local/openssl-0.9.7e/apps/openssl.cnf
/usr/local/openssl-0.9.7e/apps/openssl.cnf
/usr/local/openssl-0.9.7e/apps/openssl-vms.cnf
/usr/local/openssl-0.9.7e/apps/openssl-vms.cnf
/usr/local/openssl-0.9.7e/crypto/conf/ssleay.cnf
/usr/local/openssl-0.9.7e/crypto/conf/ssleay.cnf
/usr/local/openssl-0.9.7e/test/CAss.cnf
/usr/local/openssl-0.9.7e/test/CAss.cnf
/usr/local/openssl-0.9.7e/test/CAssdh.cnf
/usr/local/openssl-0.9.7e/test/CAssdh.cnf
/usr/local/openssl-0.9.7e/test/CAssdsa.cnf
/usr/local/openssl-0.9.7e/test/CAssdsa.cnf
/usr/local/openssl-0.9.7e/test/CAssrsa.cnf
/usr/local/openssl-0.9.7e/test/CAssrsa.cnf
/usr/local/openssl-0.9.7e/test/Sssdsa.cnf
/usr/local/openssl-0.9.7e/test/Sssdsa.cnf
/usr/local/openssl-0.9.7e/test/Sssrsa.cnf
/usr/local/openssl-0.9.7e/test/Sssrsa.cnf
/usr/local/openssl-0.9.7e/test/test.cnf
/usr/local/openssl-0.9.7e/test/test.cnf
/usr/local/openssl-0.9.7e/test/Uss.cnf
/usr/local/openssl-0.9.7e/test/Uss.cnf
/usr/share/ssl/openssl.cnf
/usr/share/ssl/openssl.cnf

thanks





> On 31 May 2018, at 17:40, Jan Just Keijser <[hidden email]> wrote:
>
> Hi,
>
> On 31/05/18 13:23, Sampei wrote:
>> Oh, It's a good starter point.
>> Openssl, installed in old server, is 0.9.7e version.
> smells like RHEL 3 ?!?!?!?
>> Openssl, installed in new server, is -0.9.8e verson.
> smells like RHEL 5, which is out of support; you should upgrade to RHEL or CentOS 6 (which lasts until 2020) or preferably 7
>> In old server I searched .cnf files and I found several files which are /usr/local/openssl-0.9.7e/xxx/yyyyy.cnf
>> where
>> xxx= is directory,
>> yyyy = name of .cnf file
>> I queried to /var/cache/yum/updates-released/packages/openssl-0.9.7a-33.10.i686.rpm in old server, I got:
>> /lib/libcrypto.so.0.9.7a
>> /lib/libssl.so.0.9.7a
>> /usr/bin/openssl
>> /usr/share/doc/openssl-0.9.7a
>> /usr/share/doc/openssl-0.9.7a/CHANGES
>> /usr/share/doc/openssl-0.9.7a/FAQ
>> /usr/share/doc/openssl-0.9.7a/INSTALL
>> /usr/share/doc/openssl-0.9.7a/LICENSE
>> /usr/share/doc/openssl-0.9.7a/NEWS
>> /usr/share/doc/openssl-0.9.7a/README
>> /usr/share/doc/openssl-0.9.7a/c-indentation.el
>> /usr/share/doc/openssl-0.9.7a/openssl.txt
>> /usr/share/doc/openssl-0.9.7a/openssl_button.gif
>> /usr/share/doc/openssl-0.9.7a/openssl_button.html
>> /usr/share/doc/openssl-0.9.7a/ssleay.txt
>> /usr/share/man/man1/asn1parse.1ssl.gz
>> /usr/share/man/man1/ca.1ssl.gz
>> /usr/share/man/man1/ciphers.1ssl.gz
>> /usr/share/man/man1/crl.1ssl.gz
>> /usr/share/man/man1/crl2pkcs7.1ssl.gz
>> /usr/share/man/man1/dgst.1ssl.gz
>> /usr/share/man/man1/dhparam.1ssl.gz
>> /usr/share/man/man1/dsa.1ssl.gz
>> /usr/share/man/man1/dsaparam.1ssl.gz
>> /usr/share/man/man1/enc.1ssl.gz
>> /usr/share/man/man1/gendsa.1ssl.gz
>> /usr/share/man/man1/genrsa.1ssl.gz
>> /usr/share/man/man1/md2.1ssl.gz
>> /usr/share/man/man1/md4.1ssl.gz
>> /usr/share/man/man1/md5.1ssl.gz
>> /usr/share/man/man1/mdc2.1ssl.gz
>> /usr/share/man/man1/nseq.1ssl.gz
>> /usr/share/man/man1/ocsp.1ssl.gz
>> /usr/share/man/man1/openssl.1ssl.gz
>> /usr/share/man/man1/pkcs12.1ssl.gz
>> /usr/share/man/man1/pkcs7.1ssl.gz
>> /usr/share/man/man1/pkcs8.1ssl.gz
>> /usr/share/man/man1/req.1ssl.gz
>> /usr/share/man/man1/ripemd160.1ssl.gz
>> /usr/share/man/man1/rsa.1ssl.gz
>> /usr/share/man/man1/rsautl.1ssl.gz
>> /usr/share/man/man1/s_client.1ssl.gz
>> /usr/share/man/man1/s_server.1ssl.gz
>> /usr/share/man/man1/sess_id.1ssl.gz
>> /usr/share/man/man1/sha.1ssl.gz
>> /usr/share/man/man1/sha1.1ssl.gz
>> /usr/share/man/man1/smime.1ssl.gz
>> /usr/share/man/man1/speed.1ssl.gz
>> /usr/share/man/man1/spkac.1ssl.gz
>> /usr/share/man/man1/sslpasswd.1ssl.gz
>> /usr/share/man/man1/sslrand.1ssl.gz
>> /usr/share/man/man1/verify.1ssl.gz
>> /usr/share/man/man1/version.1ssl.gz
>> /usr/share/man/man1/x509.1ssl.gz
>> /usr/share/man/man5/config.5ssl.gz
>> /usr/share/man/man7/DES.7ssl.gz
>> /usr/share/man/man7/Modes.7ssl.gz
>> /usr/share/man/man7/des_modes.7ssl.gz
>> /usr/share/man/man7/of.7ssl.gz
>
> ******
>> /usr/share/ssl
>> /usr/share/ssl/CA
>> /usr/share/ssl/CA/private
>> /usr/share/ssl/cert.pem
>> /usr/share/ssl/certs
>> /usr/share/ssl/certs/Makefile
>> /usr/share/ssl/certs/ca-bundle.crt
>> /usr/share/ssl/certs/make-dummy-cert
>> /usr/share/ssl/lib
>> /usr/share/ssl/misc
>> /usr/share/ssl/misc/CA
>> /usr/share/ssl/misc/c_hash
>> /usr/share/ssl/misc/c_info
>> /usr/share/ssl/misc/c_issuer
>> /usr/share/ssl/misc/c_name
>> /usr/share/ssl/openssl.cnf
>> /usr/share/ssl/private
> *******
> that's the location to look for the openssl.cnf file and thus the old files; simply do a
>   find /usr/share/ssl -mtime -200
> to find any recent files - that should point you in the right direction.
>
>
> HTH,
>
> JJK
>

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: database openssl

Richard Levitte - VMS Whacker-2
In message <[hidden email]> on Sat, 2 Jun 2018 07:39:35 +0200, "[hidden email]" <[hidden email]> said:

sampei02> I think It’s installed 2 version OpenSSL; the former by rpm package while the latter by source tar infact I see following files into /usr/local/openssl-0.9.7e :
sampei02>
sampei02> drwxr-xr-x  21 root root   4096 Feb  4  2005 .
sampei02> drwxr-xr-x  19 root root   4096 Jan 20  2011 ..
sampei02> drwxr-xr-x   4 root root   4096 May 31 11:51 apps
sampei02> drwxr-xr-x   2 root root   4096 Oct 25  2004 bugs
sampei02> drwxr-xr-x   3 root root   4096 Oct 25  2004 certs
sampei02> -rw-rw-r--   1 root root 287307 Oct 25  2004 CHANGES
sampei02> -rw-rw-r--   1 root root  42751 Dec 23  1998 CHANGES.SSLeay
...

This is not an *installation* per se, it's a source tree.  As far as I
can see from your listing, that's all it is, it hasn't even been built
(or you would see a libcrypto.a and a libssl.a)

In all likelyhood, you can ignore this directory tree, entirely.

sampei02> Here my cnf files list :
sampei02>
sampei02> /usr/local/openssl-0.9.7e/apps/oid.cnf
sampei02> /usr/local/openssl-0.9.7e/apps/openssl.cnf
sampei02> /usr/local/openssl-0.9.7e/apps/openssl-vms.cnf
sampei02> /usr/local/openssl-0.9.7e/crypto/conf/ssleay.cnf
sampei02> /usr/local/openssl-0.9.7e/test/CAss.cnf
sampei02> /usr/local/openssl-0.9.7e/test/CAssdh.cnf
sampei02> /usr/local/openssl-0.9.7e/test/CAssdsa.cnf
sampei02> /usr/local/openssl-0.9.7e/test/CAssrsa.cnf
sampei02> /usr/local/openssl-0.9.7e/test/Sssdsa.cnf
sampei02> /usr/local/openssl-0.9.7e/test/Sssrsa.cnf
sampei02> /usr/local/openssl-0.9.7e/test/test.cnf
sampei02> /usr/local/openssl-0.9.7e/test/Uss.cnf

The above are standard distribution configuration files, most of them
used for testing.  Unless you can see that they are modified
(i.e. have been updated after Feb 4 2005, which is when
/usr/local/openssl-0.9.7e was created), you can ignore them.

sampei02> /usr/share/ssl/openssl.cnf

This one is part of your installation and is the most likely to
represent your database.

You might want to look if you have a index.txt somewhere within
/usr/share/ssl.  That's the index file for your cert database.  If you
don't have one, or if it's empty (it's a text file, you can display
it), then you have no database on that machine.

Cheers,
Richard

sampei02>
sampei02> thanks
sampei02>
sampei02>
sampei02>
sampei02>
sampei02>
sampei02> > On 31 May 2018, at 17:40, Jan Just Keijser <[hidden email]> wrote:
sampei02> >
sampei02> > Hi,
sampei02> >
sampei02> > On 31/05/18 13:23, Sampei wrote:
sampei02> >> Oh, It's a good starter point.
sampei02> >> Openssl, installed in old server, is 0.9.7e version.
sampei02> > smells like RHEL 3 ?!?!?!?
sampei02> >> Openssl, installed in new server, is -0.9.8e verson.
sampei02> > smells like RHEL 5, which is out of support; you should upgrade to RHEL or CentOS 6 (which lasts until 2020) or preferably 7
sampei02> >> In old server I searched .cnf files and I found several files which are /usr/local/openssl-0.9.7e/xxx/yyyyy.cnf
sampei02> >> where
sampei02> >> xxx= is directory,
sampei02> >> yyyy = name of .cnf file
sampei02> >> I queried to /var/cache/yum/updates-released/packages/openssl-0.9.7a-33.10.i686.rpm in old server, I got:
sampei02> >> /lib/libcrypto.so.0.9.7a
sampei02> >> /lib/libssl.so.0.9.7a
sampei02> >> /usr/bin/openssl
sampei02> >> /usr/share/doc/openssl-0.9.7a
sampei02> >> /usr/share/doc/openssl-0.9.7a/CHANGES
sampei02> >> /usr/share/doc/openssl-0.9.7a/FAQ
sampei02> >> /usr/share/doc/openssl-0.9.7a/INSTALL
sampei02> >> /usr/share/doc/openssl-0.9.7a/LICENSE
sampei02> >> /usr/share/doc/openssl-0.9.7a/NEWS
sampei02> >> /usr/share/doc/openssl-0.9.7a/README
sampei02> >> /usr/share/doc/openssl-0.9.7a/c-indentation.el
sampei02> >> /usr/share/doc/openssl-0.9.7a/openssl.txt
sampei02> >> /usr/share/doc/openssl-0.9.7a/openssl_button.gif
sampei02> >> /usr/share/doc/openssl-0.9.7a/openssl_button.html
sampei02> >> /usr/share/doc/openssl-0.9.7a/ssleay.txt
sampei02> >> /usr/share/man/man1/asn1parse.1ssl.gz
sampei02> >> /usr/share/man/man1/ca.1ssl.gz
sampei02> >> /usr/share/man/man1/ciphers.1ssl.gz
sampei02> >> /usr/share/man/man1/crl.1ssl.gz
sampei02> >> /usr/share/man/man1/crl2pkcs7.1ssl.gz
sampei02> >> /usr/share/man/man1/dgst.1ssl.gz
sampei02> >> /usr/share/man/man1/dhparam.1ssl.gz
sampei02> >> /usr/share/man/man1/dsa.1ssl.gz
sampei02> >> /usr/share/man/man1/dsaparam.1ssl.gz
sampei02> >> /usr/share/man/man1/enc.1ssl.gz
sampei02> >> /usr/share/man/man1/gendsa.1ssl.gz
sampei02> >> /usr/share/man/man1/genrsa.1ssl.gz
sampei02> >> /usr/share/man/man1/md2.1ssl.gz
sampei02> >> /usr/share/man/man1/md4.1ssl.gz
sampei02> >> /usr/share/man/man1/md5.1ssl.gz
sampei02> >> /usr/share/man/man1/mdc2.1ssl.gz
sampei02> >> /usr/share/man/man1/nseq.1ssl.gz
sampei02> >> /usr/share/man/man1/ocsp.1ssl.gz
sampei02> >> /usr/share/man/man1/openssl.1ssl.gz
sampei02> >> /usr/share/man/man1/pkcs12.1ssl.gz
sampei02> >> /usr/share/man/man1/pkcs7.1ssl.gz
sampei02> >> /usr/share/man/man1/pkcs8.1ssl.gz
sampei02> >> /usr/share/man/man1/req.1ssl.gz
sampei02> >> /usr/share/man/man1/ripemd160.1ssl.gz
sampei02> >> /usr/share/man/man1/rsa.1ssl.gz
sampei02> >> /usr/share/man/man1/rsautl.1ssl.gz
sampei02> >> /usr/share/man/man1/s_client.1ssl.gz
sampei02> >> /usr/share/man/man1/s_server.1ssl.gz
sampei02> >> /usr/share/man/man1/sess_id.1ssl.gz
sampei02> >> /usr/share/man/man1/sha.1ssl.gz
sampei02> >> /usr/share/man/man1/sha1.1ssl.gz
sampei02> >> /usr/share/man/man1/smime.1ssl.gz
sampei02> >> /usr/share/man/man1/speed.1ssl.gz
sampei02> >> /usr/share/man/man1/spkac.1ssl.gz
sampei02> >> /usr/share/man/man1/sslpasswd.1ssl.gz
sampei02> >> /usr/share/man/man1/sslrand.1ssl.gz
sampei02> >> /usr/share/man/man1/verify.1ssl.gz
sampei02> >> /usr/share/man/man1/version.1ssl.gz
sampei02> >> /usr/share/man/man1/x509.1ssl.gz
sampei02> >> /usr/share/man/man5/config.5ssl.gz
sampei02> >> /usr/share/man/man7/DES.7ssl.gz
sampei02> >> /usr/share/man/man7/Modes.7ssl.gz
sampei02> >> /usr/share/man/man7/des_modes.7ssl.gz
sampei02> >> /usr/share/man/man7/of.7ssl.gz
sampei02> >
sampei02> > ******
sampei02> >> /usr/share/ssl
sampei02> >> /usr/share/ssl/CA
sampei02> >> /usr/share/ssl/CA/private
sampei02> >> /usr/share/ssl/cert.pem
sampei02> >> /usr/share/ssl/certs
sampei02> >> /usr/share/ssl/certs/Makefile
sampei02> >> /usr/share/ssl/certs/ca-bundle.crt
sampei02> >> /usr/share/ssl/certs/make-dummy-cert
sampei02> >> /usr/share/ssl/lib
sampei02> >> /usr/share/ssl/misc
sampei02> >> /usr/share/ssl/misc/CA
sampei02> >> /usr/share/ssl/misc/c_hash
sampei02> >> /usr/share/ssl/misc/c_info
sampei02> >> /usr/share/ssl/misc/c_issuer
sampei02> >> /usr/share/ssl/misc/c_name
sampei02> >> /usr/share/ssl/openssl.cnf
sampei02> >> /usr/share/ssl/private
sampei02> > *******
sampei02> > that's the location to look for the openssl.cnf file and thus the old files; simply do a
sampei02> >   find /usr/share/ssl -mtime -200
sampei02> > to find any recent files - that should point you in the right direction.
sampei02> >
sampei02> >
sampei02> > HTH,
sampei02> >
sampei02> > JJK
sampei02> >
sampei02>
sampei02>
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users