Announcement

Collapse
No announcement yet.

mivavm 5.20 and legacy authorization passphrase

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    mivavm 5.20 and legacy authorization passphrase

    Hello,

    I recently upgraded to Mivavm 5.20. While doing the upgrade I had a license manager issue with openssl 0.9. It looked like some certs were missing. On a whim, I copied the certs from the 5.12 set for openssl and the license manager problem went away.

    So I upgraded our production site - getting ready for miva 9. What I noticed was that the LEGACY AUTHORIZATION Passphrase for unlocking the order did not work any more.

    I spoke to support and they said it might be the database. But it could not be because I did not touch the database.

    I downgraded the engine back to 5.12 and Passphrase works again.

    What could be the source of the problem?

    I think it has something to do with the certs -but which one and why I cannot figure out.

    This is Important to me - any help appreciated.

    Sam

    #2
    Re: mivavm 5.20 and legacy authorization passphrase

    Is there any chance the two versions are talking to different versions of OpenSSL? If there's a difference in OpenSSL version, that could prevent the decryption from working.
    David Hubbard
    CIO
    Miva
    [email protected]
    http://www.miva.com

    Comment


      #3
      Re: mivavm 5.20 and legacy authorization passphrase

      Dave,

      Both instances talk to OpenSSl 0.9.

      The certs directory that came with 5.20 has 224 files, and when that is turned on the License Manager fails when running diagtool.mvc. And I cannot access admin.

      I made a copy of the certs directory from 5.12 and put it into the 5.20 area, and the license manager problem went away.

      The Openssl 0.9 certs directory in the 5.12 version has 230 files.

      This problem is definitely in the Openssl area.

      I am trying to find which files are different. As soon as I do, I will report back.

      I have an instance of 5.20 with Miva 9 (without the passpharase working) in my dev site. This is usingthe certs directory from 5.12 because I could not make the license manager work with the certs directory that came with the 5.20 engine.

      I have an instance of 5.12 and Miva 5.5 (where I had upgraded the engine to 5.20 and then downgraded because of problems) on our production site.

      I don't know if you can understand all the gyrations in the above.

      Sam

      Comment


        #4
        Re: mivavm 5.20 and legacy authorization passphrase

        here is my latest

        In the 5.20 install
        OpenSSL-0.9 certs are all 51B files that are links to files in the raw directory (../raw/PE46S....pem) with a .pem extension

        In the 5.20 install
        OpenSSL-1.0 certs are all 51B files that are links to files in the raw directory but in a different order

        In the 5.12 certs directory the Openssl-0.9 certs are directly the files themselves with names like 0Abcs34.o


        in the 5.20 install There are 224 files in raw, openssl-0.9 and openssl-1.0
        in the 5.12 install There are 230 files directly in the openssl-0.9 directory.

        That is the best I have.

        Thanks
        Sam

        Comment


          #5
          Re: mivavm 5.20 and legacy authorization passphrase

          Has anyone tested this on Openssl0.9?

          Comment


            #6
            Re: mivavm 5.20 and legacy authorization passphrase

            We use OpenSSL 0.9 on our CentOS 5.x-based servers and OpenSSL 1.x on our CentOS 6.x and 7.x servers. We have migrated sites between without issue, but that does include pointing the site to the relevant certs directory for the server type it's on. Certs should come and go from the bundle at times because root certificate authorities have certs that expire, or a root shuts down, new issuer opens up, one is compromised or any number of reasons that will cause a change to the trusted bundle.

            I'm going to check with our CTO on the issue of version changes affecting your ability to decrypt.
            David Hubbard
            CIO
            Miva
            [email protected]
            http://www.miva.com

            Comment


              #7
              Re: mivavm 5.20 and legacy authorization passphrase

              I use CENTOS 5.11 i686 standard – WHM 11.46.1 (build 4)
              Thanks
              Sam

              Comment


                #8
                Re: mivavm 5.20 and legacy authorization passphrase

                Just to confirm, you're using the i386 32-bit version of Empresa for both 5.12 and 5.20? And each copy either does not have anything related to OpenSSL defined in its config (whether mivavm.conf or environment variable), or, if defined, both versions have those directives pointing at the same libssl.so and libcrypto.so files? In the flat config file method, this would be the openssl= and openssl_crypto= directives.
                David Hubbard
                CIO
                Miva
                [email protected]
                http://www.miva.com

                Comment


                  #9
                  Re: mivavm 5.20 and legacy authorization passphrase

                  David,

                  You might have hit on something -
                  Which also could explain the license manager problem I had before (which was resolved by using the certs that came with the 5.12 version).

                  I downloaded and installed the 64 bit version and my server is a 32 bit version. I got a little mentally mixed up with another server.

                  I will immediately download the correct version and try it out. And report back.

                  Thanks
                  Sam

                  Comment


                    #10
                    Re: mivavm 5.20 and legacy authorization passphrase

                    David,

                    I updated with the 32 it version and the secure passphrase works.

                    This is a dev site so there is no secure url (https)

                    The diagtool gives me
                    https://licensemgr.thelicensemanager.com/gateway/gateway.mv -> Unable to open URL 'https://licensemgr.thelicensemanager.com/gateway/gateway.mv': Error establishing SSL connection: no start line
                    https://licensing.smallbusiness.miva.com/gateway/gateway.mv -> Unable to open URL 'https://licensing.smallbusiness.miva.com/gateway/gateway.mv': Error establishing SSL connection: no start line
                    https://licensing2.smallbusiness.miva.com/gateway/gateway.mv -> Unable to open URL 'https://licensing2.smallbusiness.miva.com/gateway/gateway.mv': Error establishing SSL connection: no start line
                    https://licensemgr.miva.com/gateway/gateway.mv -> Unable to open URL 'https://licensemgr.miva.com/gateway/gateway.mv': Error establishing SSL connection: no start line
                    http://licensemgr.miva.com/gateway/gateway.mv
                    http://licensemgr2.miva.com/gateway/gateway.mv

                    Is this because I have a Openssl and certs problem or because I dont have https for the dev site?

                    Thanks very much - making progress. What a silly mistake.

                    Sam

                    Comment


                      #11
                      Re: mivavm 5.20 and legacy authorization passphrase

                      Further update.

                      I took the Openssl-0.9 files from the 5.12 engine and put them in the Openssl-0.9 directory in the 5.20 engine.

                      Now I get a pass on the diagtool AND I get the passphrase towork.

                      So - for some reason I need the 230 files in the 5.12 engine release, but I have to make sure it is the 32 bit version.

                      I hope you can shed some light on this.

                      Thank you very much
                      Sam

                      Comment

                      Working...
                      X