Before we talk about the error and its solution, here’s my OpenCA setup – It’s an offline Certificate Authority. i.e.,
RA (online registration authority that includes RA & NODE) and
CA (offline certificate authority that includes CA & NODE) setup is installed different machines. It means, RA and CA communicates via Data Exchange method, which is performed by a library called
export-import.lib. For instance, the CA certificate and its configurations can be exported from CA machine and imported into RA machine. If everything goes well, then the data should be exchanged between CA & RA without any issue. But it didn’t, I got an error “Can’t call method get on an undefined value at export-import.lib” while exchanging data from CA to RA. This tutorial will explain how to fix the same.
Below is the complete error while performing import @ RA machine.
Error Code: 700 The compilation of the command cmdNodeDownloadCert failed. Can't call method "get" on an undefined value at /home/openra/lib/openca/functions/export-import.lib line 2225.
Though the CA Certificate under the path:
/home/openca/var/openca/crypto/cacerts/ and CRL’s under
/home/openca/var/openca/crypto/crls/ is imported correctly, the CA Certificate wasn’t imported into the database! So, at first I suspected if CA machine has exported the data properly (I mean, whether the CA certificate was exported properly?) in
ca-down tar file.
Verify CA Certificate in the tar file
ca-down as shown below:
tar -tvf /home/openca/var/openca/tmp/ca-down
From the above screenshot, you can understand that the CA certificate has been exported properly. But import failed to update the same in the database.
After spending lot of time, I understand that the OpenCA uses two directories
/home/openca/var/openca/log/ to manage data exchange. Surprisingly those two directories were missing and that was the reason behind the error – Can’t call method get on an undefined value at export-import.lib.
So all I need to do is to create
download directories under the
log folder and provide necessary permissions for the web server to create a file into it. That’s it! Now the data exchange between CA & RA went on smoothly.