|Applies To||RSA Certificate Manager 6.8|
RSA Certificate Manager 6.8 HA
Microsoft Windows Server 2003 SP2
ADAM High Availability
Certificate Revocation List (CRL)
|Issue||RCM CRL not being generated automatically per crl timer configuration|
From the trace.log, observed the following error in various places:
2011/01/03 13:32:20 ldap 1556 2884 D:\RCM\CERTMGR-3837\strong-sentry\ldap\ldap-3.3-hodges\servers\slapd\crltimer.c:4016 Automatic complete CRL generation Failed.
If RCM is configured with an external LDAP (i.e., only one instance of RCM), crl timers are disabled by default. To use crl timers, please follow the steps in "Using Revocation List Timers with HighAvailability" section on page 212 of RSACertificateManagerAdministratorsGuide.
In "High Availability Configuration - Revocation List Generators" configuration, we can configure values for primary instance and Health check period even if secondary is not configured for HA.
|Cause||Problem in configuring HostName (FQDN) and Secure Directory server secure port in Revocation List Timers - High Availability. Configured Details are Primary HostName:rcm1.acme.com Port:636.|
|Resolution||For RCM CRL H/A configuration, in most scenarios using FQDN for the primary host works fine. However, depending on the host machine's network configuration, RCM might detect the hostname to be a FQDN or a short hostname.|
In this situation, using short hostname (i.e., rcm1), instead of the FQDN, as the primary HostName resolved the issue.
|Notes||Refer to article Revocation List Timers - High Availability not working for a tool that can help find out the hostname string that RCM would come up with during startup.|
|Legacy Article ID||a53778|