Your browser does not support HTML5 local storage or you have disabled it. Some functionality on this site, including saving your privacy settings and offering you special discounts, uses local storage and may not work with local storage disabled. We recommend allowing the use of local storage in your browser. In some browsers, it is the same setting used for disabling cookies.

PreviousNextUp[Front page] [Index]


To recover a backup on Unix:

Run the command:

./bin/ssh-ca-backup -restore

This command will:

  • Restore the Certifier database from the most recent backup and apply the current transaction log (or its mirror) to it.
  • Restore the configuration files in the conf/ subdirectory.
  • Restore the var/pki subdirectory

This command will not automatically restore the nCipher HSM security world files. To accomplish this, run the following command instead:

./bin/ssh-ca-backup -restore -with-nfast

For a full description of the ssh-ca-backup script options, please see Section ssh-ca-backup.

To recover a backup on Windows:

  1. Obtain the database file from the most recent backup or the actual current database file in the SSH Tectia Certifier installation directory (if it is still available).
  2. Run the transaction log in the backup directory into the database. This is done with the dbeng7 command with the -a option.
  3. Run the current transaction log (or its mirror) into the database. For example on Unix, if the current backup is located in /mnt/disk1/backup/current and /mnt/disk2/certifier.log is the mirror of the current transaction log, the following commands will restore the database:
    cd /usr/local/certifier/sybase
    cp /mnt/disk1/backup/current/certifier.db ./certifier.db
    dbeng7 -a /mnt/disk1/backup/current/certifier.log ./certifier.db
    dbeng7 -a /mnt/disk2/certifier.log ./certifier.db
  4. After this operation has been successfully completed, SSH Tectia Certifier can be restarted using the ssh-ca-start command.

If private keys used by one of the SSH Tectia Certifier server installations have been lost, a new certificate must be enrolled for that server before it can be used. This probably requires some operator activity to set up a pre-shared secret for the server. If there are no functioning servers in the system, SSH Tectia Certifier must be started in insecure configuration mode first. See Section Starting and Stopping SSH Tectia Certifier Manually.

PreviousNextUp[Front page] [Index]