Restore backup with custom certs

jelle · March 3, 2015, 7:04pm

[Nethserver 6.5]
Today I tried restoring a bare metal restore for testing purposes. I took a full backup from my production server and restored it (USB) via

restore-config and restore-data

This worked, but I couldn’t get the web-admin page to run. Also IMAP and SMTP weren’t listening. I suspected my custom signed certificates. I installed them (didn’t include them in config-backup earlier), but still the services didn’t come up.
It turns out I had to re-run

# db configuration setprop pki CrtFile '/etc/e-smith/templates.metadata/etc/pki/tls/certs/mysignedcert.crt
# db configuration setprop pki ChainFile '/etc/e-smith/templates.metadata/etc/pki/tls/certs/mysignedcert.ca-bundle.crt
# signal-event certificate-update

Then (I rebooted the testserver) everything came up as expected. Don’t know if these steps will automatically be taken when I include the certs in config-backup and restore that, but if not, theses steps should be added to the docs about restoring backups I think.

alefattorini · March 3, 2015, 8:48pm

Uh that’s odd we need to reproduce it but I guess that your speculations are correct. What do you think @giacomo?

giacomo · March 4, 2015, 5:06pm

Custom certificates should be added to configuration backup.

I just updated the manual (for release 6.6):
http://docs.nethserver.org/projects/nethserver-devel/en/v6.6/certificate_management.html

Thank you for reporting

filippo_carletti · March 4, 2015, 6:09pm

We could add a visual interface to upload certificates and handle their backup automatically.
What do yuo think @jelle?

jelle · March 4, 2015, 11:13pm

That would be great of course! After uploading the certs the system should automatically enable the them I guess? After restoring config-backup, will Nethserver automatically enable the custom certs?

giacomo · March 5, 2015, 9:37am

Sure, it should be all automatic.