000022575 - Re-indexing RSA Keon Certificate Authority (Keon CA) database does not seem to work

Document created by RSA Customer Support Employee on Jun 16, 2016. Last modified by RSA Customer Support Employee on Apr 21, 2017.
Version 2

Article Content

Article Number: 000022575

Applies To
Keon Certificate Authority 6.5.1
RSA Certificate Manager 6.6
Keon Registration Authority 6.5.1
Sun Solaris 2.8

Issue
Re-indexing RSA Keon Certificate Authority (Keon CA) database does not seem to work
Keon CA does not start after re-indexing its database (the Secure Directory). After re-indexing the database, the contents of the NEXTID file in the <KCA-install-dir>/Xudad/db/ folder show 1.
../db/db.ldif: cannot create
ldbmcat
reindex

Cause
The command in step #5 of the re-indexing instructions for the Solaris platform on page 321 of the RSA Keon CA 6.5.1 Administrator's Guide has a typo that results in no database files being regenerated. The incorrect command listed in the Guide is as follows:

    bin/ldbmcat -n db/id2entry > db/db.ldif

If the above command is run as is, it will not generate any data, since there is no file named "id2entry". The full name of the database file is "id2entry.dbh". The subsequent command (step #7), which regenerates the database files from the empty db.ldif, then produces empty new DBH files and sets NEXTID to 1, so Keon CA does not start. The correct command to generate the LDIF is:

    bin/ldbmcat -n db/id2entry.dbh > db/db.ldif

Resolution
The complete set of instructions (with corrections) to re-index the Keon CA database on the Solaris platform is listed below for ready reference:

1. Click the System Configuration Workbench button in the Banner Area

2. In the Navigation Area, under General, select Database Backup

3. If a database backup has not been performed recently, from the Database Backup configuration page, either:

  a. Verify the time of the next scheduled database backup if regularly scheduled database backups are being performed

  or

  b. In the One-Time Operation Request area, click the Full Backup button

4. After the database backup is complete, stop the Keon CA Administration and Secure Directory services. For information on stopping and starting services, see "chapter 7. Starting and Stopping Keon CA".

5. To create the export file containing all information in the database in ASCII format, change directories to the Xudad directory and enter:

    bin/ldbmcat -n db/id2entry.dbh > db/db.ldif

6. Delete or rename db/*.dbh, db/log.*, db/__db.*, and db/NEXTID

WARNING: You can add/remove items from db/db.ldif using any standard text editor. Use extreme caution if you do so.

7. To regenerate the database and indexes (this will take several moments), run:

    bin/ldif2ldbm -i db/db.ldif -f conf/xudad.conf -e bin

The regenerated database and indexes are created in the /<installed-dir>/Xudad/db/ directory by default. This default path is set in the /<installed-dir>/Xudad/conf/xudad.conf file, in the directory directive under the ldbm database definitions section.

8. Start Keon CA services

9. Click the System Configuration Workbench button in the Banner Area

10. In the Navigation Area, under General, select Database Backup

11. In the One-Time Operation Request area, click the Full Backup button
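
A guard for the failure described in this article, as an added example (not taken from the RSA guide or from this article): it checks that the db/db.ldif written in step 5 actually contains entries before the database files are deleted in step 6, and that NEXTID is greater than 1 after step 7. The function names are hypothetical, and it assumes the export is standard LDIF whose entries begin with a `dn:` line and that NEXTID holds a plain decimal number.

```shell
#!/bin/sh
# Added example: sanity checks around steps 5-7 of the re-indexing procedure.
# Function names are hypothetical; sample files below are constructed.

# Succeeds only if the LDIF export exists, is non-empty and contains at
# least one entry. Assumption: entries start with a "dn:" line (standard LDIF).
ldif_export_ok() {
    [ -s "$1" ] || return 1
    grep '^dn:' "$1" > /dev/null
}

# Succeeds only if NEXTID holds a number greater than 1. The article reports
# NEXTID showing 1 after regenerating from an empty db.ldif.
nextid_ok() {
    [ -f "$1" ] || return 1
    id=`tr -d ' \t\r\n' < "$1"`
    case $id in
        ''|*[!0-9]*) return 1 ;;   # empty or not a decimal number
    esac
    [ "$id" -gt 1 ]
}

# Self-contained demonstration on constructed files (not real Keon CA data).
demo() {
    tmp=${TMPDIR:-/tmp}/reindex-check.$$
    mkdir "$tmp" || return 1
    : > "$tmp/empty.ldif"          # what the mistyped step 5 command leaves behind
    printf 'dn: cn=example,o=constructed\ncn: example\n\n' > "$tmp/good.ldif"
    echo 1 > "$tmp/NEXTID.bad"
    echo 42 > "$tmp/NEXTID.good"
    for f in empty.ldif good.ldif; do
        if ldif_export_ok "$tmp/$f"; then
            echo "$f: export has entries, step 6 may proceed"
        else
            echo "$f: export is empty, keep the existing db files"
        fi
    done
    for f in NEXTID.bad NEXTID.good; do
        if nextid_ok "$tmp/$f"; then
            echo "$f: regeneration produced entries"
        else
            echo "$f: regeneration produced no entries"
        fi
    done
    rm -rf "$tmp"
}
demo
```

In the real procedure, run `ldif_export_ok db/db.ldif` from the Xudad directory after step 5 and `nextid_ok db/NEXTID` after step 7, and stop if either check fails.
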
Workaround

Followed the database re-indexing instructions provided in Chapter 25 "System Maintenance", page 321 of RSA Keon Certificate Authority 6.5.1 Administrator's Guide

Legacy Article ID: a28038
