Your browser does not allow storing cookies. We recommend enabling them.

PreviousNextUp[Front page] [Index]


To recover a backup on Unix:

Run the command:

./bin/ssh-ca-backup -restore

This command will:

  • Restore the Certifier database from the most recent backup and apply the current transaction log (or its mirror) to it.
  • Restore the configuration files in the conf/ subdirectory.
  • Restore the var/pki subdirectory

This command will not automatically restore the nCipher HSM security world files. To accomplish this, run the following command instead:

./bin/ssh-ca-backup -restore -with-nfast

For a full description of the ssh-ca-backup script options, please see Section ssh-ca-backup.

To recover a backup on Windows:

  1. Obtain the database file from the most recent backup or the actual current database file in the SSH Tectia Certifier installation directory (if it is still available).
  2. Run the transaction log in the backup directory into the database. This is done with the dbeng7 command with the -a option.
  3. Run the current transaction log (or its mirror) into the database. For example on Unix, if the current backup is located in /mnt/disk1/backup/current and /mnt/disk2/certifier.log is the mirror of the current transaction log, the following commands will restore the database:
    cd /usr/local/certifier/sybase
    cp /mnt/disk1/backup/current/certifier.db ./certifier.db
    dbeng7 -a /mnt/disk1/backup/current/certifier.log ./certifier.db
    dbeng7 -a /mnt/disk2/certifier.log ./certifier.db
  4. After this operation has been successfully completed, SSH Tectia Certifier can be restarted using the ssh-ca-start command.

If private keys used by one of the SSH Tectia Certifier server installations have been lost, a new certificate must be enrolled for that server before it can be used. This probably requires some operator activity to set up a pre-shared secret for the server. If there are no functioning servers in the system, SSH Tectia Certifier must be started in insecure configuration mode first. See Section Starting and Stopping SSH Tectia Certifier Manually.

PreviousNextUp[Front page] [Index]




What to read next:

  • Reduce Secure Shell risk. Get to know the NIST 7966.

    The NISTIR 7966 guideline from the Computer Security Division of NIST is a direct call to action for organizations regardless of industry and is a mandate for the US Federal government.
    Download now
  • ISACA Practitioner Guide for SSH

    With contributions from practitioners, specialists and SSH.COM experts, the ISACA “SSH: Practitioner Considerations” guide is vital best practice from the compliance and audit community.
    Download now