Just to follow up, we seem to be back in business, certificates-wise.
So basically the problem was:
1. Database got corrupted, looks suspiciously like a file was truncated
on write (not sure why, we should investigate further whether there
are problems in the filesystem)
2. On rebuilding the database, a not-optimally-configured setting
prevented the signing system from accepting the restored database (and the
error message was too obscure to make this immediately obvious)
I will just need to check now that the online database and the offline
one agree (as the offline database was rebuilt using its backup) - most
things are already fine but there could be missing CRRs.
We actually have three distinct secure systems that can sign, so the
risk that we would be completely unable to sign anything is quite small.
Cheers
--jens