Zivios debian/ubuntu howto installation problem

Discussion in 'HOWTO-Related Questions' started by cybrsrce, Sep 23, 2008.

  1. cybrsrce

    cybrsrce New Member

    I get stuck at the CA Installation where it gives me:

    Error Code: 625 | Could not copy distribution supplied CA certificates to Zivios anchors folder

    There is nothing in the log directory. I have chowned every zivios directory, subdirs, and file to www-data:www-data and still get the same error. I don't care AT ALL about a worthless CA but the install won't even go forward without it. The files actually are created or moved to the directory, it just doesn't seem to believe it...

    I checked out the old depreciated method but many of the scripts are not present, so that isn't even a valid backup install method.

    I'm not a php guy so I don't know if I could just comment out something and move on that would be great.
  2. mhashmi

    mhashmi New Member

    I've fixed this issue in the new installer which is available via launchpad -- you may want to switch to doing a developer checkout.

    However, the issue is not something which should be a show stopper. Try the following:

    The 0.2 installer made a backup of your /etc/ssl directory in /etc/ssl.orig. The issue is, the installer would overwrite this backup without checking for the existence of the original directory.

    To fix it, try the following:

    rm -rf /etc/ssl
    mkdir -p /etc/ssl/certs /etc/ssl/public /etc/ssl/private
    chgrp ssl-cert /etc/ssl/public ; chgrp ssl-cert /etc/ssl/private
    chmod 750 /etc/ssl/private

    apt-get --reinstall -y install ca-certificates

    To ensure the process above does not need to be repeated, you can take a backup of your own via:

    cp -pR /etc/ssl /etc/ssl-my-backup

    Try the step again via your browser.

    Randomly changing permissions won't help; the installer will simply overwrite what you do the next time it runs. If however you do want to do the install over (and assuming you are following the install document without modification), please check the file:


    I apologize about that. Some internal wiki docs got published which do not make sense for the public wiki. I'll have the doc pulled.

    Don't worry about commenting anything out. The CA is fundamental to how Zivios runs. When you add servers and desktops to Zivios, certificates are generated which are used for secure communication on SSL channels. You can additionally give your users the option of logging into their desktops via smart-cards if you like by using the CA generated certs and defining appropriate capabilities (like s/MIME, code-signing, etc).

    So, in a nutshell, even if I tell you how to skip the step, Zivios will remain broken.

    I would recommend you join us on our mailing list if possible. It'll be much quicker for me to help you there. Also, our 0.5.1 release is around the corner which properly implements backup of original OS directories as well as some other fixes.

  3. cybrsrce

    cybrsrce New Member

    That worked. I ran into another issue but I'll hit up the mailing list for the answer.


Share This Page