Restore backup with custom certs


(jelle) #1

[Nethserver 6.5]
Today I tried restoring a bare metal restore for testing purposes. I took a full backup from my production server and restored it (USB) via

restore-config and restore-data

This worked, but I couldn’t get the web-admin page to run. Also IMAP and SMTP weren’t listening. I suspected my custom signed certificates. I installed them (didn’t include them in config-backup earlier), but still the services didn’t come up.
It turns out I had to re-run

# db configuration setprop pki CrtFile '/etc/e-smith/templates.metadata/etc/pki/tls/certs/mysignedcert.crt
# db configuration setprop pki ChainFile '/etc/e-smith/templates.metadata/etc/pki/tls/certs/mysignedcert.ca-bundle.crt
# signal-event certificate-update

Then (I rebooted the testserver) everything came up as expected. Don’t know if these steps will automatically be taken when I include the certs in config-backup and restore that, but if not, theses steps should be added to the docs about restoring backups I think.


(Alessio Fattorini) #2

Uh that’s odd we need to reproduce it but I guess that your speculations are correct. What do you think @giacomo?


(Giacomo Sanchietti) #3

Custom certificates should be added to configuration backup.

I just updated the manual (for release 6.6):
http://docs.nethserver.org/projects/nethserver-devel/en/v6.6/certificate_management.html

Thank you for reporting


(Filippo Carletti) #4

We could add a visual interface to upload certificates and handle their backup automatically.
What do yuo think @jelle?


(jelle) #5

That would be great of course! After uploading the certs the system should automatically enable the them I guess? After restoring config-backup, will Nethserver automatically enable the custom certs?


(Giacomo Sanchietti) #6

Sure, it should be all automatic.