Unable to Update CRLs to Multiple OCSP Responders in Red Hat Certificate System 8.1
Issue
- After installing multiple OCSP Masters and Clones at remote sites, only one OCSP responder is receiving CRL updates with the following in the CA debug log.
[CRLIssuingPoint-MasterCRL]: Error publishing CRL to null: Failed to create CA entry with DN: UID=Certificate Authority,OU=people,O=$SITE Security Domain. There may be entries in the directory hierarchy which do not exist. Please create them manually.
[CRLIssuingPoint-MasterCRL]: PublisherProcessor::publishCRL: error: Failed to create CA entry with DN: UID=Certificate Authority,OU=people,O=$SITE Security Domain. There may be entries in the directory hierarchy which do not exist. Please create them manually.
[CRLIssuingPoint-MasterCRL]: Could not publish CRL. Error Failed to publish using rule: LdapCrlRule
[CRLIssuingPoint-MasterCRL]: Could not publish CRL. ID MasterCRL
[Thread-142]: In PublisherProcessor::publishCert
[Thread-142]: Publishing: can't find publishing rule,exiting routine.
[Thread-142]: PublishProcessor::publishCert : Failed to publish using rule: No rules enabled
[Thread-142]: RunListeners: IRequestListener = com.netscape.cms.listeners.CertificateRevokedListener
Environment
- Red Hat Certificate System 8.1
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.