
PR7 Module-kmwizard-1 has been released


    PA-DSS key migration tool (module-kmwizard-1)

    This patch installs the Encryption Key Migration Wizard, which allows a domain administrator to migrate Private Key data and encrypt database passwords to meet the requirements of the Miva Merchant PA-DSS Implementation Guide.

    Bug Fixes:
    #Bug 5603 - Admin redirect outputs invalid Status: header

    Notes: While it's highly unlikely you'll get any kind of an error while running this, if you do, please do not try to manually change anything in your databases. The old data will be preserved and you should contact us at 858-490-2570 immediately.


    In order to run this wizard, go to Global Settings -> Domain Settings -> PA-DSS Checklist and you'll see a link on the bottom of that screen to run the migration wizard.

    The EASIEST way to be compliant is to choose the option to store it in a MivaSQL Database on the Primary WebServer. This option isn't necessarily the best, but it does meet compliance requirements and is the EASIEST.
    Thanks,

    Rick Wilson
    CEO
    Miva, Inc.
    https://www.miva.com

    #2
    Re: PR7 Module-kmwizard-1 has been released

    Will there be instructions for the migration instructions? Because I am stumped.
    Or is this something a Miva web host handles?
    I clicked the migration wizard link.
    Next > displays current key location "Stored in Database" (ok).
    Next > Options: 1. Leave Private Keys in current location 2. Move Private Keys into a MySQL Database (Selected to move)
    Next > Asks for Connection String, Username, Password, Connection flags
    Now I am stumped. I have no idea what a connection string or flags are. The username is prefilled, but what password does it want? A new one or my current login?
    Finally, am I supposed to first create an empty MySQL database or will this wizard do that?
    Thanks, Diana
    Diana Hall
    http://aGardenPlace.com



      #3
      Re: PR7 Module-kmwizard-1 has been released

      Rick,

      This isn't working. I chose the second option, "Move Private Keys into a MySQL Database", where the mySQL database is stored on a physically separate server (not publicly accessible). Entered the connection string, username and password. It comes up with a pop-up that says:

      "The entered connection string references the primary database. If you wish to migrate the private keys into the primary database, please select 'Move Private Keys into the Primary Database'"

      There is no option to "Move Private Keys into the Primary Database". The only three options are:

      - Leave Private Keys in their Current Location
      - Move Private Keys into a MySQL Database
      - Move Private Keys into a MivaSQL Database on the Web Server



        #4
        Re: PR7 Module-kmwizard-1 has been released

        @Diana, sorry, you should just leave the defaults and click next.

        @Remik, the option I mentioned is on your list; it's the bottom one. As for your other issue, open a ticket and get Jim access so we can look.
        Thanks,

        Rick Wilson
        CEO
        Miva, Inc.
        https://www.miva.com


          #5
          Re: PR7 Module-kmwizard-1 has been released

          However, the best option in this case is to contact our support department and not risk messing up your keys.

          @Diana, my recommendation for defaults was in the MivaSQL option and NOT the MySQL option, you'll need to contact your host for assistance with the MySQL option.
          Thanks,

          Rick Wilson
          CEO
          Miva, Inc.
          https://www.miva.com


            #6
            Re: PR7 Module-kmwizard-1 has been released

            Rick, thanks for your help. I will contact my host.
            Diana Hall
            http://aGardenPlace.com



              #7
              Further Detail

              In PR7, there are two databases:

              1. The "Primary Database" -- This database contains 99.9% of the information regarding the store. Products, categories, configuration, and order data.
              2. The "Private Key Database" -- This database contains only the encrypted private key component of order data encryption keypairs. PCI wants this data stored separately from the encrypted order data.

              New PR7 installations prompt for the location of the separate private key database in setup.mvc.

              Users that have upgraded from PR6 will still have the private key information stored in the primary database. The purpose of this wizard is to allow knowledgeable administrators to move the private key information to a separate private key database.

              In our PA-DSS implementation guide, there are two allowable data storage configurations.

              1. Primary MySQL database, separate MySQL private key database.
              2. Primary MySQL database, separate MivaSQL private key database (on the webserver).

              In either case the primary MySQL database must be on a physically separate system from the webserver.

              Again, those of you that upgraded from PR6 will have your private keys stored in the primary database. It's worth mentioning that if your primary database is MivaSQL, there's no point in running this wizard because you will not meet the requirements of our PA-DSS Implementation Guide without moving all of your data into a MySQL database (a task which is outside the scope of this wizard).

              This leaves us with the following starting point: Primary database is MySQL, private keys are stored in primary database.

              To migrate your private key information into a *different* MySQL database:
              1. You or your server administrator must create an empty MySQL schema.
              1a. This MySQL schema should be on a different physical server than the primary database, and should have a different password than the primary database.
              2. Select "Move Private Keys into a MySQL database"
              2a. The connection string is in the form <schema>@<mysql_server>
              2b. The username and password were determined in step 1.
              2c. Leave the flags field blank.

              The wizard will try to keep you from hurting yourself. If you accidentally enter the same MySQL database connection information as your primary database, it will not allow you to proceed. If you enter connection information for a MySQL database that contains tables, it will not allow you to proceed.

              To migrate your private key information into a MivaSQL database:
              1. Select "Move Private Keys into a MivaSQL Database on the Web Server"
              1a. For MivaSQL, the connection string is the name of the MivaSQL schema file. The default is mm5_privatekeys.dbf. You can safely use the default value.
              1b. Leave the flags field blank.

              Again, the wizard will try to keep you from hurting yourself. If the MivaSQL schema already exists, you will not be able to proceed. Also, the option to migrate to a MivaSQL private key database is not always present, to prevent filename collisions when the primary database is also MivaSQL.

              Yes, I realize this is all confusing. PA-DSS has made the configuration of the software far more complicated. We've built a number of mechanisms into the wizard to prevent users from irretrievably losing their private key data.

              PLEASE, PLEASE, PLEASE: IF YOU ARE NOT ABSOLUTELY SURE OF WHAT YOU ARE DOING, CONTACT OUR SUPPORT DEPARTMENT AT 858-490-2570 AND LET US ASSIST YOU
              Last edited by burch; 06-24-10, 09:10 PM.
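
Step 1 of the MySQL procedure above (an empty schema with its own credentials), written out as an added example; it is not part of the original post or of Miva's documentation. The schema name, account name, web-server address and privilege list are assumptions; confirm with Miva support or your host which privileges the wizard actually needs.

```sql
-- Run as a MySQL administrator on the SEPARATE key-database server,
-- not on the server that hosts the primary store database.

-- 1. Empty schema that will hold only the encrypted private keys.
--    The name is a placeholder.
CREATE DATABASE mm5_privatekeys;

-- 1a. Dedicated account with a password that is NOT the primary
--     database password. 203.0.113.10 is a placeholder for the web
--     server's address, so the account cannot log in from anywhere else.
CREATE USER 'mm5_keys'@'203.0.113.10'
    IDENTIFIED BY 'REPLACE_WITH_A_UNIQUE_PASSWORD';

-- Privileges limited to this one schema. The exact list is an
-- assumption: table creation plus ordinary read/write access.
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, INDEX, ALTER
    ON mm5_privatekeys.*
    TO 'mm5_keys'@'203.0.113.10';

-- The wizard refuses a schema that already contains tables,
-- so this count should be 0 before it is run.
SELECT COUNT(*) AS table_count
  FROM information_schema.tables
 WHERE table_schema = 'mm5_privatekeys';

-- Confirm the account has no grants on any other schema.
SHOW GRANTS FOR 'mm5_keys'@'203.0.113.10';
```

With these placeholder names, the wizard's connection string would be mm5_privatekeys@<mysql_server>, with the flags field left blank.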



                #8
                Re: PR7 Module-kmwizard-1 has been released

                Burch - thanks for the info - that makes a lot more sense.

                One new bug... after installing VM 5.07 and running this wizard, you can no longer change any users' passwords in MM admin. When you click Update, it results in:

                Fatal error in mm5/5.00/admin.mvc @ [0000005a:000000b8]: admin/log.mv: Line 111: Unresolved call to external function 'miva_openlog'



                  #9
                  Re: PR7 Module-kmwizard-1 has been released

                  UPDATE: It appears the above error comes up on a lot of other screens, too. I get this when clicking Pack Data Files, the store name -> Update (without making any changes), edit any product -> Update (without making any changes), etc. Just about every screen results in this.

                  I re-uploaded VM 5.07 from scratch, just to be on the safe side. Same thing.



                    #10
                    Re: PR7 Module-kmwizard-1 has been released

                    CONFIRMED: Rolling back to VM 5.06 fixes this issue (but then it "fails" the PA-DSS checklist).



                      #11
                      Re: PR7 Module-kmwizard-1 has been released

                      This must have to do with our new logging not liking your setup. I have 5.07 on multiple sites without these issues. I'll have Burch jump in with assistance shortly.
                      Thanks,

                      Rick Wilson
                      CEO
                      Miva, Inc.
                      https://www.miva.com


                        #12
                        Re: PR7 Module-kmwizard-1 has been released

                        Originally posted by dotCOM_host:
                        Burch - thanks for the info - that makes a lot more sense.

                        One new bug... after installing VM 5.07 and running this wizard, you can no longer change any users' passwords in MM admin. When you click Update, it results in:

                        Fatal error in mm5/5.00/admin.mvc @ [0000005a:000000b8]: admin/log.mv: Line 111: Unresolved call to external function 'miva_openlog'

                        Your 5.07 engine is not properly installed. Make sure you have logging.so registered as a builtin function library.



                          #13
                          Re: PR7 Module-kmwizard-1 has been released

                          Originally posted by burch:
                          Your 5.07 engine is not properly installed. Make sure you have logging.so registered as a builtin function library.

                          Ah, something new that wasn't mentioned in the VM 5.07 release docs. Thanks, it's working now.



                            #14
                            Re: Further Detail

                            Originally posted by burch:
                            In PR7, there are two databases:

                            1. The "Primary Database" -- This database contains 99.9% of the information regarding the store. Products, categories, configuration, and order data.
                            2. The "Private Key Database" -- This database contains only the encrypted private key component of order data encryption keypairs. PCI wants this data stored separately from the encrypted order data.

                            New PR7 installations prompt for the location of the separate private key database in setup.mvc.

                            Users that have upgraded from PR6 will still have the private key information stored in the primary database. The purpose of this wizard is to allow knowledgeable administrators to move the private key information to a separate private key database.

                            In our PA-DSS implementation guide, there are two allowable data storage configurations.

                            1. Primary MySQL database, separate MySQL private key database.
                            2. Primary MySQL database, separate MivaSQL private key database (on the webserver).

                            In either case the primary MySQL database must be on a physically separate system from the webserver.

                            Again, those of you that upgraded from PR6 will have your private keys stored in the primary database. It's worth mentioning that if your primary database is MivaSQL, there's no point in running this wizard because you will not meet the requirements of our PA-DSS Implementation Guide without moving all of your data into a MySQL database (a task which is outside the scope of this wizard).

                            This leaves us with the following starting point: Primary database is MySQL, private keys are stored in primary database.

                            To migrate your private key information into a *different* MySQL database:
                            1. You or your server administrator must create an empty MySQL schema.
                            1a. This MySQL schema should be on a different physical server than the primary database, and should have a different password than the primary database.
                            2. Select "Move Private Keys into a MySQL database"
                            2a. The connection string is in the form <schema>@<mysql_server>
                            2b. The username and password were determined in step 1.
                            2c. Leave the flags field blank.

                            The wizard will try to keep you from hurting yourself. If you accidentally enter the same MySQL database connection information as your primary database, it will not allow you to proceed. If you enter connection information for a MySQL database that contains tables, it will not allow you to proceed.

                            To migrate your private key information into a MivaSQL database:
                            1. Select "Move Private Keys into a MivaSQL Database on the Web Server"
                            1a. For MivaSQL, the connection string is the name of the MivaSQL schema file. The default is mm5_privatekeys.dbf. You can safely use the default value.
                            1b. Leave the flags field blank.

                            Again, the wizard will try to keep you from hurting yourself. If the MivaSQL schema already exists, you will not be able to proceed. Also, the option to migrate to a MivaSQL private key database is not always present, to prevent filename collisions when the primary database is also MivaSQL.

                            Yes, I realize this is all confusing. PA-DSS has made the configuration of the software far more complicated. We've built a number of mechanisms into the wizard to prevent users from irretrievably losing their private key data.

                            PLEASE, PLEASE, PLEASE: IF YOU ARE NOT ABSOLUTELY SURE OF WHAT YOU ARE DOING, CONTACT OUR SUPPORT DEPARTMENT AT 858-490-2570 AND LET US ASSIST YOU

                            Hi, I'm bringing up a site that I developed using PR6 and then I migrated it to PR7. We haven't created any Private Keys that I'm aware of yet. When I click Admin > Order Encryption it says "No Encryption records to display". I want to comply with PCI-DSS and want to install the kmwizard update. What special instructions do I need to follow? I'm guessing that I still need to contact my host and request a separate database to store the keys that I want to use but haven't created yet.



                              #15
                              Re: PR7 Module-kmwizard-1 has been released

                              The encryption keys themselves are separate from the database where they reside.

                              This module moves their location from the main database to its own. You can just choose the move keys to a MivaSQL database on your primary web server and you won't need your host. This is the easiest path and is compliant.
                              Last edited by Rick Wilson; 07-04-10, 10:21 AM.
                              Thanks,

                              Rick Wilson
                              CEO
                              Miva, Inc.
                              https://www.miva.com