Unable to Update CRLs to Multiple OCSP Responders in Red Hat Certificate System 8.1

Solution Unverified - Updated -

Issue

  • After installing multiple OCSP Masters and Clones at remote sites, only one OCSP responder receives CRL updates. The CA debug log shows the following:
[CRLIssuingPoint-MasterCRL]: Error publishing CRL to null: Failed to create CA entry with DN: UID=Certificate Authority,OU=people,O=$SITE Security Domain. There may be entries in the directory hierarchy which do not exist. Please create them manually.
[CRLIssuingPoint-MasterCRL]: PublisherProcessor::publishCRL: error: Failed to create CA entry with DN: UID=Certificate Authority,OU=people,O=$SITE Security Domain. There may be entries in the directory hierarchy which do not exist. Please create them manually.
[CRLIssuingPoint-MasterCRL]: Could not publish CRL. Error Failed to publish using rule:  LdapCrlRule
[CRLIssuingPoint-MasterCRL]: Could not publish CRL. ID MasterCRL
[Thread-142]: In  PublisherProcessor::publishCert
[Thread-142]: Publishing: can't find publishing rule,exiting routine.
[Thread-142]: PublishProcessor::publishCert : Failed to publish using rule: No rules enabled
[Thread-142]: RunListeners: IRequestListener = com.netscape.cms.listeners.CertificateRevokedListener

Environment

  • Red Hat Certificate System 8.1
